Hacktivists, cybercriminals switch to Telegram after Russian invasion

by · BleepingComputer

Telegram messaging has taken a pivotal role in the ongoing conflict between Russia and Ukraine, as it is being massively used by hacktivists and cybercriminals alike.

According to a report from cybersecurity company Check Point, the number of Telegram groups has increased sixfold since February 24 and some of them, dedicated to certain topics, have ballooned in size, in some cases counting more than 250,000 members.

The following three categories have suddenly gained popularity as a direct result of the Russian invasion of Ukraine:

  • Volunteer hackers who engage in DDoS and other kinds of cyberattacks against Russian entities
  • Fundraising groups that accept cryptocurrency donations allegedly for Ukrainian support
  • Various “news feeds” that promise to offer reliable reports from the front line

Cyber-warfare

The group that stands out among those that lead the anti-Russia cyber-warfare operations is the “IT Army of Ukraine”, which currently counts 270,000 members.

IT Army of Ukraine was formed by cyber-specialists in the country, and the results of its operation became evident quickly.

Coordinating DDoS attacks against specific domains (Check Point)

Apart from launching DDoS attacks targeting key Russian sites, the group also exposes the personal details of opinion-makers in Russia and other people who play a significant role in the conflict.

Crypto-snatchers

Most of the self-declared “donation support” groups in Telegram are scams that take advantage of the situation to steal people’s money.

We have reported similar operations relying on phishing emails, but the same thing manifests on Telegram too, with some of these groups having up to 20,000 members.

Channel operator accepting donations in Bitcoin (Check Point)

Check Point reports that the phenomenon is growing as more fraudsters jump in, trying to seize the opportunity to scam well-intentioned individuals.

Unverified news

The third category that’s booming is news feeds that bypass mainstream outlets and post unedited, uncensored feeds from the war zone, 24/7.

Aside from the fact that publishing unedited war scenes breaches journalistic deontology, much of the news posted in these groups is not checked or verified and could very well be fabricated.

This is a problem even for vetted social media platforms, as geopolitical analyst Michael Horowitz admitted when posting footage of a realistic-looking, computer-generated air dogfight created on a video game engine.

Check Point reports that these channels still amass a large number of users. For example, the ‘Ukraine War report’ has 20,000 members, while ‘Russia vs. Ukraine Live news’ has 110,000.

Another news channel aimed at exposing Russian war crimes, ‘Ukrainian Witness’ (Свидетель Украины), has reached 100,000 members.

The War Crimes Telegram channel (Flashpoint)

The goal of the groups that purposefully disseminate false information on Telegram channels is to demoralize the enemy, hoping that the content will be posted on mainstream platforms too.

Some of these channels may post accurate information, but it’s nearly impossible for users to distinguish between real and fabricated reports.

Why Telegram?

Simply put, Telegram is very lightly regulated or moderated, so stopping abuse when flooded with new registrations is an unrealistic expectation.

This is why the platform is considered a haven for cyber-criminals who have been selling illegal material and even services to other pseudonymous users for years now.

Risk intelligence company Flashpoint has touched on this subject in a recent report claiming that 6 out of 10 Russians use Telegram precisely because their country’s authorities can’t impose their oversight on the platform.

The Russian Federal Security Service (FSB) spent years eagerly trying to block Telegram before finally giving up in 2020.

If you are using Telegram, it would be advisable to trust only channels you had been visiting before the war started.

Additionally, you should treat all new requests with suspicion and avoid sending money to anyone, no matter what claims and assurances are presented.

Finally, if you browse Telegram news feeds, avoid re-posting media or written content to other platforms unless you have been able to verify their validity.