**FBI Warns of Iranian Hackers Using Telegram for Malware Attacks: What You Need to Know**

The U.S. Federal Bureau of Investigation (FBI) has issued a warning about the activities of Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS), who are using popular messaging app Telegram as command-and-control (C2) infrastructure in malware attacks. These attacks have targeted journalists, dissidents, and oppositional groups worldwide, resulting in intelligence collection, data leaks, and reputational harm.

The FBI's warning highlights the increasing use of social engineering tactics by Iranian hackers to infect targets' devices with Windows malware that enables them to exfiltrate sensitive information. This is not an isolated incident, as recent attacks have compromised thousands of accounts, including those of U.S. government officials, military personnel, and journalists. In this article, we'll delve into the details of these attacks and provide insights on how to mitigate the risks.

**The Handala Hacktivist Group: A State-Sponsored Operation**

The FBI has linked these attacks to the Iranian-linked and pro-Palestinian Handala hacktivist group (also known as Handala Hack Team, Hatef, Hamsa) and the Iranian state-sponsored Homeland Justice threat group tied to Iran's Islamic Revolutionary Guard Corps (IRGC). These groups have been using Telegram to control malware and exfiltrate sensitive information from compromised computers.

In a recent attack on U.S. medical giant Stryker, Handala hackers factory reset approximately 80,000 devices using the Microsoft Intune wipe command after compromising a Windows domain administrator account and creating a new Global Administrator account. This is just one example of the devastating impact of these attacks, which can result in significant reputational harm and data breaches.

**The Role of Telegram in Malware Attacks**

Telegram has been used by hackers as C2 infrastructure to control malware, allowing them to exfiltrate sensitive information from compromised devices. A Telegram spokesperson stated that "bad actors can and do use any available channel to control malware, including other messengers, emails or even direct web connections." However, the company's moderators routinely remove any accounts found to be involved with malware.

**Mitigation Strategies: Protecting Your Organization from Iranian Hackers**

To mitigate the risks associated with these attacks, it's essential to implement robust cybersecurity measures, such as:

1. Implementing strong access controls and monitoring systems to detect suspicious activity.
2. Conducting regular security audits and penetration testing to identify vulnerabilities.
3. Educating employees on social engineering tactics and phishing attacks.
4. Implementing a zero-trust architecture to limit the attack surface.
5. Monitoring Telegram and other messaging apps for suspicious activity.
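The last item above is the one most specific to this campaign: when malware uses Telegram as C2, the compromised machine has to reach Telegram's API from a process that has no reason to do so. The following detector is an added example written for this article, not code from the FBI, Telegram or any vendor named here. It assumes a generic EDR-style JSON-lines schema for endpoint network events (constructed for the example), an allowlist of processes that may legitimately contact Telegram in your environment, and that `api.telegram.org` is the Bot API host such malware would poll; it flags API contact from any other process and separates repeated polling (the C2 pattern) from one-off hits.

```python
import json
from collections import Counter

# Telegram Bot API host (assumption: the endpoint a Telegram-controlled implant polls for commands).
TELEGRAM_API_HOSTS = {"api.telegram.org"}

# Processes that may legitimately reach Telegram in this hypothetical environment (tune per site).
ALLOWED_PROCESSES = {"telegram.exe", "chrome.exe", "msedge.exe", "firefox.exe"}

# Constructed sample events in a generic EDR-style JSON-lines schema (not any real product's format).
SAMPLE_EVENTS = [
    '{"ts":"2024-05-01T08:01:12Z","host":"WS-117","process":"Telegram.exe","dst_host":"api.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:02:40Z","host":"WS-117","process":"winword.exe","dst_host":"api.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:03:05Z","host":"WS-204","process":"chrome.exe","dst_host":"web.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:05:00Z","host":"WS-204","process":"svchost.exe","dst_host":"api.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:10:00Z","host":"WS-204","process":"svchost.exe","dst_host":"api.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:15:00Z","host":"WS-204","process":"svchost.exe","dst_host":"api.telegram.org","dst_port":443}',
    '{"ts":"2024-05-01T08:16:31Z","host":"WS-310","process":"outlook.exe","dst_host":"outlook.office365.com","dst_port":443}',
    'this line is not JSON and must be skipped rather than stop the detector',
]


def parse_event(line):
    """Parse one JSON event; return None for malformed or incomplete lines so one bad record never halts triage."""
    try:
        ev = json.loads(line)
    except json.JSONDecodeError:
        return None
    if not isinstance(ev, dict) or not all(k in ev for k in ("host", "process", "dst_host")):
        return None
    return ev


def is_suspicious(ev):
    """True when the Telegram API is contacted by a process outside the allowlist."""
    return (ev["dst_host"].lower() in TELEGRAM_API_HOSTS
            and ev["process"].lower() not in ALLOWED_PROCESSES)


def find_suspicious(lines):
    """Return the suspicious events in log order, skipping unparseable lines."""
    return [ev for ev in map(parse_event, lines) if ev is not None and is_suspicious(ev)]


def beaconing_pairs(lines, min_hits=3):
    """(host, process) pairs that hit the API at least min_hits times.

    An implant polling a Telegram bot for commands contacts the API repeatedly;
    a single hit may be a user's script or noise, so repetition is the stronger signal.
    """
    counts = Counter((ev["host"], ev["process"].lower()) for ev in find_suspicious(lines))
    return {pair: n for pair, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    for ev in find_suspicious(SAMPLE_EVENTS):
        print(f"ALERT {ev['ts']} {ev['host']} {ev['process']} -> {ev['dst_host']}")
    print("repeated polling:", beaconing_pairs(SAMPLE_EVENTS))
```

On the constructed sample the `Telegram.exe` and browser events pass, `winword.exe` produces a single alert, and `svchost.exe` on WS-204 is reported as repeated polling. In practice the allowlist should be paired with a process-lineage check (which parent launched the process) so that a legitimately named binary spawned from an Office document does not slip through.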

In conclusion, the FBI's warning highlights the increasing threat posed by Iranian hackers using Telegram as C2 infrastructure in malware attacks. It's essential for organizations to be vigilant and implement robust cybersecurity measures to protect themselves against these threats. By staying informed and proactive, we can reduce the risk of compromise and minimize the impact of these devastating attacks.
