53% increase in cybercriminal activity on Telegram during May and June, according to Kaspersky

Amid growing concerns about the security of Telegram, the Kaspersky Digital Footprint Intelligence team has conducted a comprehensive analysis of channels operating covertly on the popular messaging platform. The results of this study reveal a troubling increase in the use of Telegram by cybercriminals, who use the platform to carry out various illicit activities within the underground market.

Cybercriminals have established channels and groups on Telegram dedicated to discussing fraud schemes, distributing leaked databases, and trading various criminal services. These services include illegal monetization, document forgery, and DDoS attacks as a service, among others. According to Kaspersky’s Digital Footprint Intelligence data, the volume of messages related to these activities increased by 53% from May to June 2024, compared to the same period the previous year.

Alexey Bannikov, an analyst with Kaspersky Digital Footprint Intelligence, points out that the growing interest of cybercriminals in Telegram is due to several factors. Firstly, the platform boasts a vast audience of 900 million monthly users, according to Telegram’s founder Pavel Durov. Secondly, Telegram is promoted as a secure and independent tool that does not collect user data, providing malicious actors with a sense of security and impunity. Additionally, the ease of finding or creating communities on Telegram allows cybercriminals to quickly gather a large audience.

One of the features that facilitates participation in Telegram’s underground community is the simplicity of joining. Anyone with malicious intentions only needs to create an account and subscribe to available criminal sources to become part of this criminal network. Furthermore, Telegram lacks an advanced reputation system, like those found on dark web forums, which according to Kaspersky’s study “Business on the dark web: deals and regulatory mechanisms,” leads to a proliferation of scammers within the platform’s cybercriminal space.

Another notable trend in the report is the use of Telegram by hacktivists to make statements and express their opinions. The platform’s large user base and rapid content distribution through Telegram channels make it a convenient tool for inciting DDoS attacks and other disruptive methods against specific infrastructures. Additionally, cybercriminals can make stolen data from attacked organizations public through hidden channels on Telegram, further increasing the risk for companies.

In response to this alarming trend, Kaspersky Digital Footprint Intelligence has published a comprehensive and free guide for tracking activities in the shadow market and managing data-related incidents. This resource aims to help companies mitigate the cyber risks associated with these criminal activities.

via: MiMub in Spanish

Scroll to Top
×