Telegram is a messaging app that is used by many people around the world for a variety of
purposes. However, it has also become a hub for cybercrime activities, including the sale
and leakage of stolen personal and corporate data, the organization of cybercrime gangs,
the distribution of hacking tutorials, hacktivism and the sale of illegal physical products
such as counterfeits and drugs.
There are several other messaging apps that are favored by cybercriminals, but Telegram
is one of the most popular. This presents a significant challenge for security researchers
trying to combat cybercrime on the platform.
One reason why Telegram is attractive to cybercriminals is its alleged built-in encryption
and the ability to create channels and large, private groups. These features make it difficult
for law enforcement and security researchers to monitor and track criminal activity on the
platform. In addition, cybercriminals often use coded language and alternative spellings to
communicate on Telegram, making it even more challenging to decipher their
conversations.
This report, compiled by KELA, aims to provide an in-depth understanding of why Telegram
has become a significant player in the cybercrime ecosystem. It covers various services,
products and cybercrime activities that exist on the platform, as well as the threat actors
involved. The report also includes showcases for each topic, highlighting specific examples
of the types of activities that take place on Telegram. In addition, the report lists prominent
groups and channels that are involved in these activities, providing a comprehensive
overview of the scope and scale of cybercrime on the platform.
Overall, Telegram has become a thriving ecosystem for cybercrime and will likely continue
to be a major challenge for security researchers and law enforcement.