**FBI Sounds Alarm on Handala Hackers Using Telegram in Malware Attacks**

In a recent flash alert, the U.S. Federal Bureau of Investigation (FBI) warned network defenders about Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS) using Telegram as command-and-control infrastructure for malware attacks. These cyberattacks have targeted journalists criticizing the Iranian government, Iranian dissidents, and various other oppositional groups worldwide.

According to the FBI, the Handala hacktivist group, also known as Handala Hack Team or Hatef, has been using social engineering tactics to infect targets' devices with Windows malware that enables them to exfiltrate screenshots or files from compromised computers. This is not an isolated incident; the Iranian state-sponsored Homeland Justice threat group tied to Iran's Islamic Revolutionary Guard Corps (IRGC) has also been involved in similar attacks.

**The Use of Telegram in Malware Attacks**

While the use of Telegram as command-and-control infrastructure for malware might seem unique, it's essential to remember that bad actors can use any available channel to control malware. A spokesperson from Telegram noted that moderators routinely remove accounts found to be involved with malware and emphasized that there is nothing special about using Telegram in this context.
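The practical consequence for defenders is that Telegram Bot API traffic from hosts where no human uses a Telegram client is a useful hunting signal. The following detection is an added example, not code from the FBI alert or from Telegram: it parses constructed proxy log lines (the log format, the source addresses and the bot token are all made up for the example) and flags internal hosts that poll `getUpdates` and upload files through the Bot API, which matches the screenshot and file exfiltration behaviour the alert describes. The bot token is redacted in the output so the finding can be shared without leaking the secret.

```python
import re
from dataclasses import dataclass, field

# Constructed proxy log lines for the example; the bot token and addresses are placeholders.
SAMPLE_LOG = """\
2025-01-10T12:00:01Z src=10.0.0.5 host=api.telegram.org path=/bot1234567890:AAAA-placeholder-token/getUpdates ua=python-requests/2.31
2025-01-10T12:00:03Z src=10.0.0.5 host=api.telegram.org path=/bot1234567890:AAAA-placeholder-token/getUpdates ua=python-requests/2.31
2025-01-10T12:00:05Z src=10.0.0.5 host=api.telegram.org path=/bot1234567890:AAAA-placeholder-token/sendDocument ua=python-requests/2.31
2025-01-10T12:00:07Z src=10.0.0.7 host=web.telegram.org path=/a/ ua=Mozilla/5.0
2025-01-10T12:00:09Z src=10.0.0.9 host=example.com path=/index.html ua=Mozilla/5.0
"""

# Assumed key=value proxy log layout (constructed for this example, not a vendor format).
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) host=(?P<host>\S+) path=(?P<path>\S+) ua=(?P<ua>.+)$"
)
# Telegram Bot API requests look like /bot<token>/<method>; the token is the bot's secret.
BOT_PATH_RE = re.compile(r"^/bot(?P<token>[^/]+)/(?P<method>[A-Za-z]+)")

# Methods a C2 implant needs: polling for operator commands and pushing data out.
POLL_METHODS = {"getUpdates"}
EXFIL_METHODS = {"sendDocument", "sendPhoto"}


@dataclass
class Finding:
    src: str
    token_fingerprint: str
    polls: int = 0
    uploads: int = 0
    user_agents: set = field(default_factory=set)


def parse_line(line):
    """Return the fields of one log line, or None if the line does not match the layout."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def redact_token(token):
    """Keep only the numeric bot id so analysts can pivot without storing the secret."""
    bot_id = token.split(":", 1)[0]
    return f"{bot_id}:<redacted>"


def detect_bot_api_c2(log_text):
    """Group Bot API calls per (source host, bot) and count polling and upload calls."""
    findings = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if not rec or rec["host"] != "api.telegram.org":
            continue
        bm = BOT_PATH_RE.match(rec["path"])
        if not bm:
            continue  # e.g. the web client, which does not use /bot<token>/ paths
        key = (rec["src"], redact_token(bm["token"]))
        f = findings.setdefault(key, Finding(src=rec["src"], token_fingerprint=key[1]))
        method = bm["method"]
        if method in POLL_METHODS:
            f.polls += 1
        elif method in EXFIL_METHODS:
            f.uploads += 1
        f.user_agents.add(rec["ua"])
    return list(findings.values())


def severity(finding):
    """Polling plus uploads from one host is the full C2 loop; either alone is worth a look."""
    if finding.polls and finding.uploads:
        return "high"
    if finding.polls or finding.uploads:
        return "medium"
    return "low"


if __name__ == "__main__":
    for f in detect_bot_api_c2(SAMPLE_LOG):
        print(severity(f), f.src, f.token_fingerprint, f"polls={f.polls} uploads={f.uploads}", sorted(f.user_agents))
```

Because Telegram traffic is TLS-encrypted, the path is only visible where the proxy terminates TLS; where it does not, the same logic can run on the SNI/hostname alone with a lower severity, and the non-browser user agent (here `python-requests`) is the second signal worth keeping.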

**FBI Seizes Handala Domains**

One day after issuing its flash alert, the FBI seized four domains associated with the Handala and Homeland Justice threat groups. The attackers used these websites during their operations and to leak sensitive documents and data stolen in cyberattacks targeting victims in the United States and around the world.

**Handala's History of Cyberattacks**

The Handala group has been linked to a number of high-profile cyberattacks, including one against U.S. medical giant Stryker. In that incident, they factory reset approximately 80,000 devices using the Microsoft Intune wipe command after compromising a Windows domain administrator account and creating a new Global Administrator account.
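The Stryker incident chains two events that are individually noisy but rare in combination: a new Global Administrator role assignment followed shortly by a burst of Intune wipe commands from that same principal. The following correlation is an added example, not code from the article or from Microsoft: it runs over constructed, simplified audit records (the field names, account names and device names are placeholders, not the real Entra ID or Intune log schema) and alerts when a burst of wipes comes from a principal that was granted Global Administrator within the preceding 24 hours.

```python
from datetime import datetime, timedelta, timezone

PRIV_ROLE = "Global Administrator"
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_ts(s):
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)


def _wipe(actor, when, device):
    # Helper to build one constructed wipe record.
    return {"time": when.strftime(TS_FMT), "actor": actor,
            "action": "WipeManagedDevice", "target": device}


# Constructed audit records: one role grant, one routine helpdesk wipe the day before,
# and 60 wipes issued two seconds apart by the newly created admin.
_burst_start = parse_ts("2025-01-10T02:05:00Z")
SAMPLE_EVENTS = [
    {"time": "2025-01-10T01:58:00Z", "actor": "da-admin@corp.example",
     "action": "AddMemberToRole", "role": PRIV_ROLE, "target": "svc-new-admin@corp.example"},
    {"time": "2025-01-09T11:00:00Z", "actor": "helpdesk@corp.example",
     "action": "WipeManagedDevice", "target": "LAPTOP-LOST1"},
] + [
    _wipe("svc-new-admin@corp.example", _burst_start + timedelta(seconds=2 * i), f"LAPTOP-{i:04d}")
    for i in range(60)
]


def new_privileged_principals(events, role=PRIV_ROLE):
    """Map each principal granted `role` to the time of the grant."""
    return {e["target"]: parse_ts(e["time"])
            for e in events if e["action"] == "AddMemberToRole" and e.get("role") == role}


def wipe_bursts(events, window=timedelta(minutes=10), threshold=20):
    """Per actor, find the densest sliding window of wipes; report it if it reaches `threshold`."""
    by_actor = {}
    for e in events:
        if e["action"] == "WipeManagedDevice":
            by_actor.setdefault(e["actor"], []).append(parse_ts(e["time"]))
    bursts = []
    for actor, times in by_actor.items():
        times.sort()
        best, best_start, left = 0, None, 0
        for right, t in enumerate(times):
            while t - times[left] > window:   # shrink window from the left
                left += 1
            count = right - left + 1
            if count > best:
                best, best_start = count, times[left]
        if best >= threshold:
            bursts.append({"actor": actor, "wipes": best, "start": best_start})
    return bursts


def correlate(events, lookback=timedelta(hours=24)):
    """Alert when a wipe burst comes from a principal that was made Global Administrator recently."""
    new_admins = new_privileged_principals(events)
    alerts = []
    for burst in wipe_bursts(events):
        granted = new_admins.get(burst["actor"])
        if granted is not None and granted <= burst["start"] <= granted + lookback:
            alerts.append({**burst, "role_granted_at": granted})
    return alerts


if __name__ == "__main__":
    for a in correlate(SAMPLE_EVENTS):
        print(f"ALERT: {a['actor']} issued {a['wipes']} wipes from {a['start']}; "
              f"role granted at {a['role_granted_at']}")
```

The threshold and window are tuning knobs: a single wipe of a lost laptop by the helpdesk stays below them, while tens of wipes a minute is far outside any legitimate device-retirement process. In production the same rule belongs in the SIEM fed by the tenant's audit logs, and the role-grant half of it is worth alerting on by itself.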

**Growing Concerns in Cybersecurity**

This warning from the FBI comes on the heels of another alert about Russian intelligence-linked threat actors targeting Signal and WhatsApp users in phishing campaigns. These types of attacks highlight the growing concern for cybersecurity threats and emphasize the need for vigilance in defending against malware and other cyberattacks.

**Mitigation Strategies to Reduce Risk**

The FBI is releasing this information to maximize awareness of malicious Iranian cyber activity and provide mitigation strategies to reduce the risk of compromise. To stay ahead of these threats, it's essential to:

* Be cautious when using messaging apps like Telegram for sensitive communications
* Implement robust security measures to protect against malware attacks
* Stay informed about emerging cybersecurity threats and risks

By taking proactive steps to protect themselves and their organizations from these types of cyberattacks, individuals can reduce the risk of compromise and stay ahead of the threat landscape.


The Handala hackers using Telegram in malware attacks serve as a stark reminder of the importance of staying vigilant in the face of emerging cybersecurity threats. By working together, we can reduce the risk of compromise and protect ourselves against these types of attacks.