**Handala Hackers Using Telegram in Malware Attacks: FBI Warns Network Defenders**
The Federal Bureau of Investigation (FBI) has issued a warning to network defenders about the increased use of Telegram by Iranian hackers linked to the country's Ministry of Intelligence and Security (MOIS). These hackers, part of the Handala hacktivist group, are using Telegram as command-and-control (C2) infrastructure in malware attacks targeting journalists, dissidents, and oppositional groups worldwide. The FBI's warning comes amidst a heightened geopolitical climate in the Middle East, with the bureau highlighting the need for awareness and mitigation strategies to reduce the risk of compromise.
The Handala hackers, also linked to the Iranian state-sponsored Homeland Justice threat group, have been using social engineering tactics to infect targets' devices with Windows malware. This malware enables them to exfiltrate sensitive information, including screenshots or files from compromised computers. The use of Telegram as C2 infrastructure is not unique, but it highlights the evolving tactics employed by bad actors in the cyber realm.
**The Role of Telegram in Malware Attacks**
While Telegram has taken steps to remove accounts involved with malware, the FBI's warning underscores the need for vigilance. Bad actors can and do use various channels to control malware, including other messengers, emails, or direct web connections. The Handala hackers' reliance on Telegram as C2 infrastructure highlights the importance of monitoring Telegram activity for suspicious behavior.
**The Handala Hacktivist Group**
The Handala hacktivist group has been linked to several high-profile attacks, including a cyberattack on U.S. medical giant Stryker. In this attack, the hackers factory reset approximately 80,000 devices using the Microsoft Intune wipe command after compromising a Windows domain administrator account and creating a new Global Administrator account.
**Other Recent Cybersecurity Threats**
The FBI's warning comes on the heels of several other cybersecurity threats, including:
* A phishing campaign targeting Signal and WhatsApp users by Russian intelligence-linked threat actors.
* A ransomware attack on a U.S. medical facility using a previously unknown vulnerability in the organization's network architecture.
* A supply-chain attack spreading through Docker and GitHub repositories.
**Conclusion**
The Handala hackers' use of Telegram as C2 infrastructure highlights the evolving tactics employed by bad actors in the cyber realm. Network defenders must remain vigilant, monitoring for suspicious activity on various channels, including Telegram. By staying informed about emerging threats and vulnerabilities, organizations can reduce their risk of compromise and stay ahead of the threat landscape.
**Recommendations**
* Monitor Telegram activity for suspicious behavior.
* Stay up-to-date with the latest security patches and updates.
* Implement robust cybersecurity measures, including intrusion detection systems and firewalls.
* Educate employees on cybersecurity best practices to prevent social engineering attacks.
* Continuously monitor and analyze network activity for signs of compromise.
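One concrete way to act on the first recommendation, as an added example that is not from the FBI warning or the article: sweep endpoint network-connection events for processes that reach Telegram's API but are not a known Telegram client or browser. The log format, the Telegram host list and the process allow-list are assumptions for the demo, and the sample events are constructed.

```python
# Added example (not from the FBI advisory or the article): flag processes that
# talk to Telegram but are not expected Telegram clients or browsers.
# The log layout, host list and allow-list below are assumptions for this demo.
import csv
import io
from collections import Counter

# Destinations a Telegram-based C2 channel would typically reach (assumed list).
TELEGRAM_HOSTS = {"api.telegram.org", "telegram.org", "t.me"}

# Processes for which Telegram traffic is expected (assumed allow-list; tune per estate).
EXPECTED_IMAGES = {
    r"c:\users\alice\appdata\roaming\telegram desktop\telegram.exe",
    r"c:\program files\mozilla firefox\firefox.exe",
    r"c:\program files\google\chrome\application\chrome.exe",
}

# Constructed Sysmon-style network events: timestamp,host,image,dest_host,dest_port
SAMPLE_LOG = """\
2025-06-01T09:00:01Z,WS01,C:\\Users\\alice\\AppData\\Roaming\\Telegram Desktop\\Telegram.exe,api.telegram.org,443
2025-06-01T09:00:05Z,WS01,C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe,t.me,443
2025-06-01T09:01:10Z,WS02,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe,api.telegram.org,443
2025-06-01T09:02:10Z,WS02,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe,api.telegram.org,443
2025-06-01T09:03:10Z,WS02,C:\\Users\\bob\\AppData\\Local\\Temp\\update.exe,api.telegram.org,443
2025-06-01T09:03:12Z,WS03,C:\\Windows\\System32\\svchost.exe,update.microsoft.com,443
"""


def find_suspect_telegram_c2(log_text):
    """Return {(host, image): connection_count} for unexpected processes reaching Telegram."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 5:
            continue  # skip malformed lines instead of aborting the sweep
        _ts, host, image, dest, _port = row
        if dest.lower() not in TELEGRAM_HOSTS:
            continue
        if image.lower() in EXPECTED_IMAGES:
            continue  # known client or browser: Telegram traffic is expected here
        hits[(host, image)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (host, image), n in find_suspect_telegram_c2(SAMPLE_LOG).items():
        print(f"{host}: {image} reached Telegram {n} times (unexpected process)")
```

A repeated connection from a temp-directory binary is the pattern worth triaging; as the article notes, the same operators can switch to other messengers, e-mail or direct web connections, so this check is one signal, not a complete detection.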
By following these recommendations and staying informed about emerging threats, organizations can reduce their risk of compromise and stay ahead of the threat landscape.