FBI says Iranian hackers are using Telegram to steal data in malware attacks

The FBI has warned that Iranian hackers are using Telegram to steal data from dissidents, journalists, and opposition groups worldwide. They manipulate targets into installing disguised malware, enabling remote access to victim devices. These activities are reportedly linked to Iran's Ministry of Intelligence and Security, and signify attempts to advance the regime's geopolitical agenda.

Key Points

  • Iranian government hackers use Telegram to contact targets, pretending to be known contacts or tech support.
  • Targets are tricked into downloading malware disguised as legitimate applications.
  • Once installed, the malware connects victims to Telegram bots for remote control of their devices.
  • Hackers can then steal files, take screenshots, and record calls.
  • The FBI links these hacks to Iran's Ministry of Intelligence and Security (MOIS) and associates them with the Handala group.
  • The FBI recently seized websites linked to Handala and another group, Homeland Justice, both allegedly controlled by MOIS.
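
One way a defender could look for software on a workstation talking to a Telegram bot, as described in the list above. This is an added example, not code from the FBI alert or this article: it scans network events for calls to Telegram's HTTP Bot API (`api.telegram.org/bot<token>/<method>`) and groups them by host and process. The event format, hostnames, process names and tokens are constructed for illustration, and the check assumes telemetry that exposes the URL path, such as a TLS-inspecting proxy or endpoint sensor.

```python
import json
import re
from collections import defaultdict

# Telegram's HTTP Bot API is served from this host at /bot<token>/<method>.
BOT_API_HOST = "api.telegram.org"
BOT_PATH = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)")

# Constructed sample events (hosts, processes and tokens are made up).
SAMPLE_EVENTS = """
{"host": "ws-014", "process": "chrome.exe", "dest": "web.telegram.org", "path": "/k/"}
{"host": "ws-014", "process": "updater_helper.exe", "dest": "api.telegram.org", "path": "/bot1111111111:AAExampleTokenOnly_000/getUpdates"}
{"host": "ws-014", "process": "updater_helper.exe", "dest": "api.telegram.org", "path": "/bot1111111111:AAExampleTokenOnly_000/sendDocument"}
{"host": "ws-022", "process": "python.exe", "dest": "api.telegram.org", "path": "/bot2222222222:AAExampleTokenOnly_111/sendMessage"}
{"host": "ws-031", "process": "outlook.exe", "dest": "example.org", "path": "/bot/help"}
"""

def find_bot_api_clients(lines, allowlist=()):
    """Group Bot API calls by (host, process), skipping allowlisted pairs."""
    hits = defaultdict(lambda: {"bot_ids": set(), "methods": set(), "count": 0})
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # tolerate malformed records instead of aborting the scan
        if ev.get("dest", "").lower() != BOT_API_HOST:
            continue
        m = BOT_PATH.match(ev.get("path", ""))
        key = (ev.get("host"), ev.get("process"))
        if not m or key in allowlist:
            continue
        hit = hits[key]
        hit["bot_ids"].add(m.group(1))   # numeric bot id only; secret part is dropped
        hit["methods"].add(m.group(2))   # e.g. getUpdates, sendDocument
        hit["count"] += 1
    return dict(hits)

if __name__ == "__main__":
    known = {("ws-022", "python.exe")}  # hypothetical sanctioned alerting bot
    found = find_bot_api_clients(SAMPLE_EVENTS.splitlines(), known)
    for (host, proc), hit in found.items():
        print(host, proc, sorted(hit["bot_ids"]), sorted(hit["methods"]), hit["count"])
```

Where only the destination hostname is visible, the same grouping by host and process still applies, but without the bot id or method names.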

Relevance

  • This incident highlights the increasing use of messaging platforms for cyberattacks, reflecting a trend of using legitimate services for malicious purposes.
  • It ties into the broader geopolitical conflicts involving cyber operations related to national security.
  • In 2025, trends such as the rise of AI in cybersecurity and remote workforce threats will make these types of attacks more concerning.

The FBI's alert underscores escalating cyber threats from state actors like Iran, which leverage platforms like Telegram to conduct espionage against activists and dissidents, and highlights a pressing need for improved cybersecurity measures.
