PhishIntention identified 829 additional phishing URLs, raising the total to 3,857, representing 28.1% of all URLs shared in these channels. Copyright infringement media and software piracy channels had the largest share of phishing URLs, with 1,507 and 1,110 respectively. These channels attract users seeking unauthorized access to media or software, making them less cautious and more likely to click on unverified links. Cybercriminals exploit this by embedding phishing links within download pages, streaming sites, or advertisements. Additionally, users often disable security features, increasing their vulnerability. In contrast, blackhat resource channels contributed only 87 phishing URLs, as users here tend to have higher technical knowledge and are more vigilant.
We see many of the same threats on Illicit Telegram channels that we see on dedicated dark web markets and forums. In many cases threat actors have moved directly off of more traditional TOR websites, and onto Telegrams offering the exact same goods and services. Encryption is an interesting topic when it comes to illicit cybercriminal activity. Telegram offers end-to-end encryption for messages by default, which helps to avoid potential man-in-the-middle attacks that can snoop on messages in transit. Dark web forums and marketplaces also have an encryption option but threat actors need to use something like Pretty Good Privacy (PGP) to ensure encryption, which is less convenient. Although cybercriminals mostly use a combination of messaging apps, Flare’s research shows that as of January 2025, Telegram is still the most-used communication tool among threat actors.
Why Burnout Is A Growing Problem In Cyber-security
The recent arrest of Pavel Durov, the platform’s founder, has intensified debates about its role in facilitating illicit activities and the adequacy of its moderation standards. In the evolving world of digital communication, Telegram has increasingly been compared to the dark web due to its growing use for illicit activities. With its emphasis on privacy and encryption, Telegram has attracted a diverse range of users, including those exploiting its features for illegal purposes. This article examines how Telegram has become a new frontier for activities traditionally linked to the dark web. It explores its features, the criminal activities facilitated on the platform, and the broader implications for security and regulation. The Darknet Telegram Directory is a curated list of links to various darknet channels and groups available on the Telegram platform.
Web Hosting Company Increases Security Team Bandwidth With Up To 80% Decrease In Threat Research Times
Requests like ”hi bro how i can use it with sender” indicate a need for tutorials or step-by-step instructions, reflecting the technical challenges users face.In Copyright Media channels see requests centered around content availability. Users express interest in more works by specific creators or certain types of media, indicating their preferences and influencing what gets shared. This shows that users are not just passive consumers but actively engage in curating the content available in these channels.In Pirated Software channels, requests often involve software updates or modifications. Telegram’s dark web channels are private or invite-only messaging groups, in which users chat, share information, or otherwise collaborate between themselves. While in no way related to the dark web, these channels are nicknamed “dark web” because of the encryption and secrecy that surrounds them. This moniker also comes from the fact that threat actors may often use these channels to share leaked credentials, disturbing content, or other sensitive information.
What Kind Of Illegal Activities Are Commonly Found On Telegram Channels?
In addition, at TecnetOne we have a cyber patrol solution that allows you to proactively monitor the dark web and other hard-to-reach areas of the Internet, identifying potential threats, illicit activities and data breaches before they can affect your organization. Unlike more specialized cybercrime groups, EMP/mailpass/sqli Chat covers a broad range of topics, including stolen account sales, financial fraud, SQL injection techniques, and malware deployment. Members frequently share logs, stealer data, and access credentials for various platforms, ranging from streaming services and social media to financial accounts and VPN services. The extent of damage caused by cyberattacks conducted by SiegedSec is unknown and many of them have not been mentioned by public news media sources. However, the leaked data shared on their Telegram channel and on deep web forums like Breached could easily be employed by other threat actors to gain access to companies, individuals, and networks by leveraging the private corporate and personal information posted. In Blackhat Resources channels, users share knowledge about using various hacking tools.
SiegedSec: A New Cyber Threat Actor Group
Groups and channels are used to announce future attacks, recruit new members, and distribute or sell compromised databases that have already been obtained. In the following example, a vendor listed the illegal drugs he is offering for sale on one of the well-known dark web markets, which specializes in drug trafficking. The cybercriminal lists his drug offering, along with his illegal Telegram account and other IM apps which potential buyers may contact him via those, for negotiation purposes.
Dark Websites is one of the most famous Telegram channels among dark web users. In this channel, people all around the world share platforms for crypto trading, a list of dark websites to access, and other resources for dark web users. There’s no risk in joining this channel as it doesn’t promote illicit content, instead, it shares useful information for dark web users. In Credential Compromise channels, users request specific functionalities or guidance, such as asking for help with setting up tools for phishing.
2 Unauthorized Software Distribution
The analysis of Telegram’s black market showed that drugs are one of many illicit products traded on the platform. Now based in Dubai, Telegram was started in 2013 by Russian brothers Pavel and Nicolai Durov and now has 700 million active monthly users. Using data over the past year from over 1,300 different drug seller listings on the encrypted messaging app in the UK, the average price for a kilo of cocaine fell from £36,000 in April 2022 to just under £29,000 in April 2023. Party drug prices are falling on the encrypted messaging app despite claims of record seizures by authorities, VICE News analysis shows. Like we wrote in previous Dark Web Pulse posts, there are many other cyber criminal groups who use Telegram, such as RansomHouse, Arvin Club, Lapsus , BlackShoadow, GhostSec, Moses Staff and more.
- Although some of these Telegram groups and channels are technically open to the public, a large number of these secret Telegram groups are only shared within specific communities on Telegram deep web and dark web.
- There are several reasons cybercriminals are drawn to instant messaging platforms.
- The platform’s features, such as encrypted communication and anonymous group interactions, provide a convenient and secure tool for managing cybercriminal operations.
- As cybercriminals continue to exploit dark web markets, Telegram channels, and underground forums, organizations must take a proactive approach to identifying potential risks.
- As the app doesn’t have a solid registration process, anyone could just simply sign up on Telegram.
This aspect aligns with the broader trend of digital platforms serving as enablers for cybercrime, reflecting the dark web’s function in the digital landscape. As cybercriminals continue to exploit dark web markets, Telegram channels, and underground forums, organizations must take a proactive approach to identifying potential risks. Many underground platforms facilitate the sale of stolen credentials, financial data, and corporate information, making it crucial for businesses to monitor whether their sensitive assets have been exposed. We identified 2,039 posts from 36 channels dedicated to distributing unauthorized copies of movies and TV shows.
Narcotics Express is a closed Telegram group, meaning users must request access to view content. However, once they are accepted, these users can trade and purchase illicit drugs, including cocaine, MDMA, and methamphetamines. Even if you don’t get in trouble with the law, paying for substances via a credit card or bank transfer could bite you in the backside if a group member doesn’t deliver your goods or uses your details to commit fraud. While people might try to scrape dark web content and post it in WhatsApp groups, this problem is not as extreme as on Telegram.
If you come across a Telegram channel that violates the law, please contact us using the contacts listed in the site menu. After reviewing the complaint, we will remove this Telegram channel from the search. For the search, you can select the category you are interested in or enter your query in the search bar.
Illicit Telegram Groups Offer Hardened Operations
Others might trick you into signing up for fake NFTs or a bogus cryptocurrency investment scheme. Sorry to break it to you, but Telegram is so much more than chatting to friends and exchanging cute cat GIFs. Although some of these Telegram groups and channels are technically open to the public, a large number of these secret Telegram groups are only shared within specific communities on Telegram deep web and dark web. With so many threat and APT groups actively using Telegram, the platform becomes a vital source of information. Omega Cloud is focused on distributing credentials and other data harvested through info-stealer malware. It shares both free samples and premium packages containing stolen login details from platforms such as Google, YouTube, and advertising networks.
How To Search For Channels In TgramSearch
There has been some migration, but so far only Signal seems to have benefited from the crackdown on Telegram. It is important to note, however, that criminals don’t stick to just one platform. Most criminals appear to be using Telegram as well as other messaging apps, and in fact they may change their messaging app depending on the data they are sharing. Expect cybercriminals to split their operations between messaging apps and traditional underground forums and marketplaces. Comprehensive monitoring requires coverage of both the dark web and messaging apps.
Print + Premium Digital
For ethical reasons, we did not download or interact with the attached files or links. These reports were submitted through their respective vulnerability disclosure programs starting in the first week of April. These channels also share technical insights and resources that, while valuable for legitimate cybersecurity purposes, can be repurposed for malicious intents. For example, 2.7% of posts discussed advanced vulnerabilities like Spectre and Meltdown, providing explanations of how these vulnerabilities operate. However, these discussions also included tips on how similar attacks could be carried out, offering a resource that could be exploited by individuals with malicious intent.
Common Dark Web Hacking Activities
The data appeared to provide pinpoint locations of app users, including as many as 200 based in the U.A.E., where homosexuality is illegal and punishable by imprisonment. Called Huione Guarantee, it provides scammers with personal data and tools to perpetrate their frauds. “With transactions totaling at least $24 billion, it is the largest illicit online marketplace to have ever operated,” cryptocurrency tracker Elliptic wrote in a report today. Elliptic rival Chainalysis had previously said Huione Guarantee had processed as much as $49 billion.
Members exchange tips on using compromised credit cards, highlight recent data dumps, and discuss market-related updates. BidenCash is known for releasing large batches of credit card information publicly to attract buyers, with one of the most recent leaks exceeding 900,000 cards. RipperSec is a Malaysian pro-Palestinian hacktivist group that targets Israel and its allies.
