Image Credits: Lam Yik/Bloomberg / Getty Images

8:18 AM PDT · March 23, 2026
Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the government around the world, according to an FBI alert published on Friday.
In the first stage of the attack, the hackers contact their targets and pretend to be a known contact or tech support. The targets are then tricked into accepting a link to a malicious file masquerading as legitimate apps, such as Telegram and WhatsApp. Once the target installs the malware, the second stage of the attack connects the infected victim with Telegram bots that allow the hackers to remotely command and control the victim’s computer. This allows the hackers to gain remote control of the victims’ devices to steal files, take screenshots, and record Zoom calls, according to the FBI.
Using Telegram as a way to remotely control a victim’s device is a common method by hackers to hide malicious activity among legitimate network traffic, which makes it harder for cybersecurity defenders and anti-malware products to identify.
According to the FBI, the hackers responsible for these attacks are allegedly working for Iran’s Ministry of Intelligence and Security (MOIS). The FBI said these attacks are an example of Iranian government hackers’ attempts to push the regime’s “geopolitical agenda.”
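One way defenders can surface this kind of traffic, shown here as an added example that is not from the FBI alert or the original article: look in proxy logs for processes that call the Telegram Bot API (`api.telegram.org/bot<token>/<method>`) and are not sanctioned automation. The log format, host names, process names, and allowlist below are constructed for illustration, and the check assumes a TLS-inspecting proxy that records full URLs.

```python
import re
from collections import defaultdict

# Constructed proxy log lines (not from the FBI alert); bot tokens are redacted.
# Fields: timestamp host process http_method url (assumes URLs are visible to the proxy)
SAMPLE_LOG = """\
2026-03-20T09:14:02Z ws-017 chrome.exe GET https://web.telegram.org/k/
2026-03-20T09:14:40Z ws-017 updater_helper.exe POST https://api.telegram.org/bot<REDACTED>/getUpdates
2026-03-20T09:15:10Z ws-017 updater_helper.exe POST https://api.telegram.org/bot<REDACTED>/sendDocument
2026-03-20T09:15:40Z ws-017 updater_helper.exe POST https://api.telegram.org/bot<REDACTED>/getUpdates
2026-03-20T10:02:11Z srv-ops alertbot.py POST https://api.telegram.org/bot<REDACTED>/sendMessage
2026-03-20T10:05:00Z ws-022 Telegram.exe CONNECT https://example.invalid/
"""

BOT_API = re.compile(r"^https://api\.telegram\.org/bot[^/]+/(\w+)")
# Hypothetical allowlist of sanctioned automation that may use the Bot API.
APPROVED = {("srv-ops", "alertbot.py")}
INBOUND = {"getUpdates"}  # process polls a bot for incoming messages
OUTBOUND_FILES = {"sendDocument", "sendPhoto", "sendVideo"}  # process uploads files


def find_bot_api_clients(log_text, approved=APPROVED):
    """Return unapproved (host, process) pairs that call the Telegram Bot API."""
    calls = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        _ts, host, process, _verb, url = parts
        match = BOT_API.match(url)
        if match and (host, process) not in approved:
            calls[(host, process)].append(match.group(1))
    findings = []
    for (host, process), methods in sorted(calls.items()):
        seen = set(methods)
        findings.append({
            "host": host,
            "process": process,
            "calls": len(methods),
            "polls_for_commands": bool(seen & INBOUND),
            "uploads_files": bool(seen & OUTBOUND_FILES),
        })
    return findings


if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_LOG):
        print(finding)
```

A workstation process that both polls a bot and uploads files is the combination worth triaging first; ordinary Telegram use through a browser or the desktop client does not match the Bot API URL pattern in this sample.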
In the alert, the FBI mentioned the pro-Iranian and pro-Palestine fake hacktivist group Handala, though it’s not clear if the attacks referenced in the alert were carried out by this group.
Earlier this month, Handala claimed responsibility for an attack on medical tech giant Stryker, which resulted in the wiping of tens of thousands of employee devices.
In an 8-K filing with the U.S. Securities and Exchange Commission on Monday, Stryker said it is still recovering from the hack.
Last week, the U.S. Justice Department accused Handala of being a front for Iran’s government, specifically the MOIS, and of being behind the Stryker hack. At the same time, the FBI took down and seized two websites linked to Handala, and two other sites linked to another Iranian hacktivist group called “Homeland Justice.” In the new FBI alert, the bureau said the two groups are linked and controlled by the MOIS.
The FBI did not respond to a request to provide more information. Telegram also did not respond to a request for comment.
Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.
You can contact or verify outreach from Lorenzo by emailing lorenzo@techcrunch.com, via encrypted message at +1 917 257 1382 on Signal, and @lorenzofb on Keybase/Telegram.














