**Handala Hackers Leveraging Telegram in Malware Attacks: What You Need to Know**

The U.S. Federal Bureau of Investigation (FBI) has issued a warning about Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) using Telegram as command-and-control infrastructure for malware attacks. These attacks, which have targeted journalists criticizing the Iranian government, Iranian dissidents, and other oppositional groups worldwide, have resulted in intelligence collection, data leaks, and reputational harm against the targeted parties.

The FBI has attributed these attacks to the Iran-linked Handala hacktivist group (also known as Handala Hack Team, Hatef, Hamsa) and the Iranian state-sponsored Homeland Justice threat group tied to Iran's Islamic Revolutionary Guard Corps (IRGC). The hackers use social engineering to infect targets' devices with Windows malware that enables them to exfiltrate screenshots or files from compromised computers.

**The Role of Telegram in Malware Attacks**

In a statement, a Telegram spokesperson acknowledged the use of the platform for controlling malware: "Bad actors can and do use any available channel to control malware, including other messengers, emails or even direct web connections." However, the company also noted that moderators routinely remove accounts found to be involved with malware. The FBI's warning comes after it seized four domains used by the Handala and Homeland Justice threat groups, as well as a third threat actor tracked as Karma Below.

**The Scope of the Attacks**

These attacks are not isolated incidents. The FBI has warned that Russian intelligence-linked threat actors are also targeting Signal and WhatsApp users in phishing campaigns that have already compromised thousands of accounts. The activity targets individuals of high intelligence value, such as current and former U.S. government officials, military personnel, political figures, and journalists.

**The Impact on Organizations**

These attacks highlight the importance of cybersecurity for organizations, particularly those operating in high-risk industries. The FBI has warned that the malware resulted in intelligence collection, data leaks, and reputational harm against the targeted parties. This is a stark reminder of the need for robust security measures to protect against these types of threats.

**What Can You Do to Protect Yourself?**

To reduce the risk of compromise, the FBI recommends:

1. Be cautious when receiving unsolicited messages or attachments from unknown sources.
2. Use strong passwords and enable two-factor authentication (2FA) whenever possible.
3. Keep your operating system and software up-to-date with the latest security patches.
4. Install reputable anti-virus software and keep it updated.
5. Regularly back up your data to a secure location.

By being aware of these threats and taking proactive steps to protect yourself, you can reduce the risk of falling victim to these types of attacks.

The Handala hackers' use of Telegram in malware attacks is a stark reminder of the evolving nature of cyber threats. As cybersecurity professionals, it's essential to stay informed about the latest threats and vulnerabilities to ensure the protection of our organizations and clients.