FBI Alerts on Iranian Malware Campaign via Telegram Targeting Dissidents
Severity: High (Score: 77.0)
Sources: English.Mathrubhumi, Industrialcyber.Co, Bleepingcomputer, Iranintl, Securityaffairs.Co
Summary
The FBI has issued a warning that Iranian cyber actors are deploying malware through the Telegram messaging app to target dissidents, journalists, and opposition figures globally. The operation, attributed to Iran's Ministry of Intelligence and Security (MOIS), uses Telegram as a command-and-control channel to infiltrate devices, steal data, and conduct 'hack-and-leak' operations intended to damage the reputations of the targets. The campaign has been active since at least 2023 and relies on social engineering to trick victims into downloading malicious files disguised as legitimate applications. The FBI's alert comes amid heightened geopolitical tensions following recent US strikes in Iran. Users are advised to treat unsolicited communications with caution, keep software updated, and report suspicious activity. Iran has not responded to the allegations.
Key Points
- Iranian cyber actors are using Telegram to deploy malware against dissidents worldwide.
- The campaign has been active since at least 2023 and relies on social engineering tactics.
- The FBI has issued an alert urging users to take protective measures against the malware.
Key Entities
- Malware (attack_type)
- Iran (country)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- T1071 - Application Layer Protocol (mitre_attack)
- T1566.001 - Spearphishing Attachment (mitre_attack)
- Telegram (platform)