Telegram is increasingly being mentioned not only as a convenient messaging app but also as a key platform for cybercriminals. According to a new report from Cyfirma analysts, the platform has effectively become the "operations center" of modern cybercrime.
Previously, closed forums on the Tor network were the main symbol of the digital underground. Accessing them was difficult, and after each law enforcement raid, entire criminal ecosystems collapsed in a single day.
Telegram, according to researchers, has proven to be a much more resilient alternative. If a channel is blocked, it can be recreated in minutes and subscribers redirected to a backup platform.
Cyfirma calls this the "platformization of cybercrime." Illegal services increasingly resemble legitimate IT businesses: subscriptions, automation, updates, technical support, and real-time advertising. Launching an attack no longer requires an experienced developer—a Telegram account and a small budget are sufficient.
Cyfirma notes that a wide variety of services are sold within these channels, such as access to hacked corporate networks. "Malware-as-a-service" schemes are common: subscriptions to malware that come with updates and instructions. There are also automated bots that allow searching through databases of leaked passwords and banking data directly within the messenger.
Telegram is used not only as a marketplace but also as a pressure tool. Hacktivists use it to coordinate attacks and spread propaganda. Extortion groups publish countdown timers and fragments of stolen data, increasing psychological pressure on victims.
The dark web hasn't disappeared, but its role has changed. While deals were previously concluded on hidden forums, they now often begin there, with the main activity moving to Telegram.
As Cyfirma notes, the messenger hasn't completely replaced Tor, but has become its logical continuation—faster, more scalable, and more accessible. This brings the digital underground much closer to the average user than before.
Last month, Russian authorities decided to begin slowing down the Telegram messenger in Russia. A little later, Peskov stated that Telegram is recording a large amount of content that "could potentially pose a danger to Russia."