The FBI has issued a new cybersecurity warning about a hacking group called Handala. This group is believed to be linked to Iran’s intelligence operations. They are actively carrying out cyberattacks using new techniques. What makes this case serious is their use of Telegram as part of the attack.

According to the FBI, the attackers are using Telegram as a command-and-control system. This means infected devices can be controlled remotely through Telegram. Hackers can send commands, collect data, and stay connected to the system. Since Telegram traffic looks normal, this helps them avoid detection.

The attack usually starts with social engineering methods. Victims are tricked into downloading files that look safe or useful. These files may appear as normal software or trusted tools. Once installed, they silently begin the infection process.

The malware used in these attacks works in multiple stages. In the first stage, it behaves like a legitimate application to avoid suspicion. After gaining access, it moves to the next stage. It then connects the infected system to Telegram for remote control.

Once attackers gain access, they can perform several actions. They are able to steal files and sensitive data from the system. They can also capture screenshots and monitor user activity. This allows them to track everything happening on the device.

The FBI has said that this campaign has been active since at least 2023. The group has mainly targeted dissidents and journalists. It also focuses on individuals critical of the Iranian government. However, the same methods can be used against other targets as well.

In addition to malware attacks, Handala is known for hack-and-leak operations. They steal private data and then release it publicly. This is done to damage reputations or create pressure. These attacks combine both technical hacking and psychological tactics.

Authorities have also linked the group to phishing, data theft, and extortion. In recent cases, they have been connected to attacks on organizations. This shows that their capabilities are increasing over time. The FBI warning highlights how attackers now use common platforms to hide their activities.
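
Because Telegram traffic blends in on the network, a practical place to catch this is the endpoint: which process is talking to Telegram. The following is an added detection example, not code from the FBI warning or this article; the event field names, the client allowlist, the hit threshold and the sample events are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from pathlib import PureWindowsPath

# Assumption: the implant reaches Telegram through its public domains.
TELEGRAM_SUFFIXES = ("telegram.org", "t.me")
# Assumption: binaries this environment accepts as genuine Telegram clients.
# A name match is spoofable; back it with a signer or hash check in production.
ALLOWED_CLIENTS = {"telegram.exe"}

# Constructed sample events; field names are hypothetical, one JSON object per line.
SAMPLE_EVENTS = r"""
{"ts": 1000, "host": "WS-01", "image": "C:\\Program Files\\Telegram Desktop\\Telegram.exe", "dest": "venus.web.telegram.org"}
{"ts": 1000, "host": "WS-02", "image": "C:\\Users\\b\\Downloads\\updater.exe", "dest": "api.telegram.org"}
{"ts": 1030, "host": "WS-02", "image": "C:\\Users\\b\\Downloads\\updater.exe", "dest": "example.com"}
{"ts": 1060, "host": "WS-02", "image": "C:\\Users\\b\\Downloads\\updater.exe", "dest": "API.Telegram.org."}
{"ts": 1120, "host": "WS-02", "image": "C:\\Users\\b\\Downloads\\updater.exe", "dest": "api.telegram.org"}
{"ts": 1200, "host": "WS-03", "image": "C:\\Windows\\System32\\curl.exe", "dest": "t.me"}
{"ts": 1300, "host": "WS-04", "image": "C:\\Tools\\sync.exe", "dest": "api.telegram.org.cdn.example"}
"""


def is_telegram(dest):
    """True only for a Telegram domain or a subdomain of one, not a lookalike."""
    dest = dest.lower().rstrip(".")
    return any(dest == s or dest.endswith("." + s) for s in TELEGRAM_SUFFIXES)


def find_suspect_telegram_clients(lines, min_hits=3):
    """Map (host, image) -> sorted timestamps for non-client processes
    that contacted Telegram at least min_hits times."""
    hits = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        if not is_telegram(ev["dest"]):
            continue
        if PureWindowsPath(ev["image"]).name.lower() in ALLOWED_CLIENTS:
            continue
        hits[(ev["host"], ev["image"])].append(ev["ts"])
    return {k: sorted(v) for k, v in hits.items() if len(v) >= min_hits}


if __name__ == "__main__":
    for (host, image), ts in find_suspect_telegram_clients(SAMPLE_EVENTS.splitlines()).items():
        print(f"{host}: {image} contacted Telegram {len(ts)} times at {ts}")
```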
Stay alert, and keep your security measures updated!

