The U.S. Federal Bureau of Investigation (FBI) has warned that Iranian hackers linked to the Ministry of Intelligence and Security (MOIS) are using Telegram as part of malware campaigns.

According to a flash alert released on Friday, these hackers are using Telegram as command-and-control (C2) infrastructure to orchestrate malware attacks. The targets include journalists who criticize the Iranian government, Iranian dissidents, and other opposition groups around the world.

The FBI connected these activities to the pro-Palestinian Handala hacktivist group, also known as Handala Hack Team, Hatef, or Hamsa. It also linked the attacks to Homeland Justice, a threat group tied to Iran’s Islamic Revolutionary Guard Corps (IRGC).

The attackers are using social engineering tactics to trick victims into installing Windows malware. Once installed, the malware can capture screenshots and steal files from infected devices.

The FBI said the warning comes at a time of rising tensions in the Middle East. The agency added that these attacks have led to intelligence gathering, data leaks, and damage to the reputation of the victims. It shared this information to raise awareness and help organizations reduce the risk of being hacked.

A day before the alert, the FBI seized four domains used by these groups: handala-redwanted.to, handala-hack.to, justicehomeland.org, and karmabelow80.org. These websites were used to carry out attacks and publish stolen data from victims in the United States and other countries.

The warning follows a recent attack by the Handala group on U.S. medical company Stryker. In that incident, hackers reset around 80,000 devices, including employee computers and phones, after gaining access to a Windows domain administrator account and creating a new global admin account.



The FBI also recently warned that Russian-linked hackers are targeting Signal and WhatsApp users through phishing campaigns. These attacks have already compromised thousands of accounts, especially those belonging to government officials, military members, political figures, and journalists.
