In Credential Compromise channels, users request specific functionalities or guidance, such as asking for help with setting up tools for phishing. Requests like ”hi bro how i can use it with sender” indicate a need for tutorials or step-by-step instructions, reflecting the technical challenges users face.In Copyright Media channels see requests centered around content availability. Users express interest in more works by specific creators or certain types of media, indicating their preferences and influencing what gets shared. This shows that users are not just passive consumers but actively engage in curating the content available in these channels.In Pirated Software channels, requests often involve software updates or modifications. Telegram, launched in 2013 by Pavel Durov, was designed to provide secure and private messaging. Its end-to-end encryption for secret chats and user-friendly interface set it apart from other messaging apps 1.
Inside Threat Actors: Dark Web Forums Vs Illicit Telegram Communities
However, it is important to note that dark web forums are not without risks, as they may be monitored by law enforcement. Therefore, it is important for users to be aware of the risks and potential consequences of participating in these forums. Ultimately, it is up to each individual user to decide which platform best meets their needs. Gathering threat intelligence on how cybercriminals operate is one of the most effective ways of ensuring that your security matches the most up-to-date attack techniques. In the evolving world of digital communication, Telegram has increasingly been compared to the dark web due to its growing use for illicit activities.
Crypto Dark Wolf ™ Telegram Channel
Since the WhatsApp privacy policy controversy in January 2021, Telegram rapidly gained traction as a privacy-focused alternative, attracting users seeking secure communication channels. However, its growing popularity also caught the attention of threat actors, who recognized its potential as a dark web-adjacent platform for facilitating cybercrime operations. The combination of encrypted messaging, large group capacities, and anonymity made Telegram an attractive hub for threat intelligence activity, underground marketplaces, and illicit coordination efforts.
Infected Devices And Illicit Telegram Channels
- This shift has not only reshaped how operations are run but also how law enforcement approaches surveillance and takedowns.
- Unlike the dark web, which requires specialised software and operates in secrecy, Telegram is accessible through standard devices and applications.
- It aggregates logs from various sources, including those stolen using LummaC2 and Stealc malware.
- You might also click on a link that takes you to a phishing site—known as an “off-platform scam.”
- These groups are dangerous as they can compromise our security and expose illegal content.
- Over time, numerous malicious groups have established Telegram-based cybercrime networks, leveraging the platform to distribute stolen data, organize hacking campaigns, and conduct dark web operations.
Stolen credentials, often obtained through data breaches or other malicious means, are crucial tools for cybercriminals. They include usernames, email addresses, passwords, and other sensitive information that can grant unauthorised access to individuals’ and organizations’ accounts. These stolen credentials are then sold or shared within illicit Telegram channels, providing easy access for cybercriminals to exploit their victims.
- PureVPN is the best-in-class VPN that not only provides you with digital freedom but also takes care of your digital security when you are browsing the web.
- While all group topics contained some degree of bot activity, it was moderate in darknet groups—particularly when compared to linguistic and education groups, where it accounted for almost 30 percent of activity.
- A privacy researcher, Matt Brown of Brown Fine Security, found a number of vulnerabilities in Motorola Reaper HD license plate readers.
- Because they cannot be accessed without specialised software or know-how, these forums provide users with a sense of anonymity and privacy, making them attractive to those engaging in illegal activities.
- Called Huione Guarantee, it provides scammers with personal data and tools to perpetrate their frauds.
Breached Data
Due to this, Telegram attracted many cybercriminals, hackers, drug dealers, hate-speech promoters, racists, journalists, and political activists. When the FBI and Europol announced the takedown of Genesis Market in 2023, a site known for selling digital fingerprints, many expected demand to dissipate; instead, buyers and sellers regrouped on Telegram. According to researchers, hundreds of micro-markets sprang up in private channels. Analysts noted that Telegram enabled a shift toward decentralised “broker networks,” where smaller groups coordinated sales of Genesis-style data. This decentralised model makes it far more challenging to target with a single operation.
Telegram: The Modern Hades Of The Digital Underworld
By utilising these channels, cybercriminals can securely and discreetly share stolen credentials with potential buyers. When comparing dark web forums to illicit Telegram groups, it is important to consider the different levels of privacy each offers its users. On one hand, dark web forums are not accessible through traditional search engines, meaning that only those who know how to access them can gain entry.
My Ex Stalked Me, So I Joined A ‘dating Safety’ App Then My Address Was Leaked
Interestingly, 14.4% of the posts included links that directed users to interact with a bot . This approach is likely designed to evade security detectors, as the pirated content is not directly available from the post. Figure 5-a shows an example of a channel that shared episodes of One Piece (Piece, 1999) in a sequential format on a weekly (or bi-weekly) basis as they are released.
Hacker groups, underground markets, and ransomware networks began using Telegram to distribute stolen data, sell hacking tools, and coordinate illicit operations. For a long time, the lack of strict moderation allowed these communities to grow unchecked, turning the app into an extension of Dark Web forums. Although in recent years the platform has taken steps to crack down on these activities, it remains a central hub in the world of cybercrime. While Telegram was once a safe haven for illicit activity, recent policy changes have forced many threat actors to reconsider their presence on the platform. In September 2024, Telegram introduced AI-based content moderation, making it more difficult for cybercriminals to share and access illegal materials. Many hacktivist and cybercriminal groups have since started migrating to alternative platforms, such as Signal, Discord, and decentralized messaging networks.
Illicit Telegram Communities: The Direct To Consumer Model
The study, which is available as a preprint, also looked at bot activity, a common practice across groups that is used to moderate content and welcome users, among other things. While all group topics contained some degree of bot activity, it was moderate in darknet groups—particularly when compared to linguistic and education groups, where it accounted for almost 30 percent of activity. A new study has shed light on the world of Telegram’s darknet groups, showing Russian is the most dominant language across these groups on the popular messaging app, followed by English.
And although Telegram’s owners have taken measures to limit the number of cyber threats (for example, by eliminating some of the Chinese cybercrime markets2) the risks seem to persist. Encryption is an interesting topic when it comes to illicit cybercriminal activity. Telegram offers end-to-end encryption for messages by default, which helps to avoid potential man-in-the-middle attacks that can snoop on messages in transit. Dark web forums and marketplaces also have an encryption option but threat actors need to use something like Pretty Good Privacy (PGP) to ensure encryption, which is less convenient. Any such services that were sought by a user in one of these malicious communities were often directed to navigate from Telegram to a dark web forum directly. Additionally, in some of the communities beyond financial fraud there are a great number of these groups sharing about and boosting recent exploits.
This environment mirrors the dark web’s function, where anonymity and encryption allow users to engage in illicit activities with relative impunity. Users have found the app to be a convenient medium for buying and selling illegal goods, from drugs to stolen credit card information. The platform’s structure, which supports anonymous group creation and minimal oversight, facilitates these transactions 2. By joining specialised groups, users can discreetly exchange illegal items, highlighting the platform’s role in enabling covert trade operations. The ease with which users can access these groups underscores the app’s function as a digital marketplace for illicit activities.
Since July of last year, Elliptic has highlighted the enormous volume of money laundering and other illicit transactions taking place on Huione Guarantee and later Haowang Guarantee. By Elliptic’s accounting in a January report, the market and its rebrand had facilitated more than $24 billion in total transactions, which would make it by far the largest single black market operation in the internet’s history. Concerns regarding data handling also persist, and reports of user data being turned over to foreign authorities in Germany have raised concerns about privacy implications. These incidents reveal the ongoing struggle between Telegram’s privacy promises and the practicalities of managing illegal activities. The tension between user privacy and operational transparency underscores the complexity of balancing security and privacy in the digital age.
Attention Dark Web Users!
Distributing pirated media is a serious offense actively banned by organizations and authorities alike to protect intellectual property rights (Greco, 2023). Detailed information about the quality of the video (such as the resolution, e.g., 720p, 1080p, 4K) was also provided.Similar to other CACs, there were several sources for distributing the content. 34.6% of the posts had the media as an attached file that could be directly downloaded by the user. For 42.3% of the posts, the user would be directed to an external website where the content could either be streamed or downloaded. We also saw 8.7% of the channels, which had an affinity for a single external website.
These features attracted privacy-conscious users but also made it appealing to individuals engaging in illicit activities. Unlike the dark web, which requires specialised software for access, Telegram operates over standard internet protocols, making it more accessible and mainstream. In this channel, people all around the world share platforms for crypto trading, a list of dark websites to access, and other resources for dark web users. There’s no risk in joining this channel as it doesn’t promote illicit content, instead, it shares useful information for dark web users.
