The Federal Bureau of Investigation has issued a warning about a cyber campaign in which Iranian government-linked hackers are using the messaging platform Telegram to steal sensitive data from targets worldwide.
According to the alert, the attackers primarily target dissidents, journalists, and opposition groups. In the initial stage, hackers pose as trusted contacts or technical support representatives and trick victims into clicking on malicious links. These links often appear as legitimate applications such as WhatsApp or Telegram.
Once the victim installs the malware, the attackers gain access to the device. The malware then connects to Telegram-based bots, allowing hackers to remotely control the system. This enables them to steal files, capture screenshots, and even record video calls.
Security experts note that using Telegram helps attackers hide their activities within normal internet traffic, making detection more difficult for cybersecurity systems.
The FBI has linked these operations to Iran's Ministry of Intelligence and Security, stating that such cyber activities are aimed at advancing the country's geopolitical interests. The alert also mentioned a pro-Iranian group known as Handala, although its direct involvement in these specific attacks remains unclear.
Recent developments have also tied Handala to a cyberattack on Stryker, which disrupted thousands of employee devices. Authorities in the United States have since taken action against websites linked to such groups.
In response, Telegram stated that it actively removes accounts involved in malicious activities. The FBI has advised users to remain cautious, avoid suspicious links, and ensure proper cybersecurity practices to prevent such attacks.
