Check Point Research (CPR) has been monitoring Telegram activity related to the current conflict following Russia's attack on Ukraine.
Telegram has become a digital forefront for cyber attacks, fraud and news feeds, with cyber criminals and hacktivists leveraging the messaging app for conflict-related activities.
CPR has documented a six-fold increase in Telegram groups themed on the war on the day Russia invaded Ukraine.
Check Point’s threat intelligence arm has been closely monitoring Telegram throughout the current Russia-Ukraine conflict and has characterised these groups:
Telegram has become a digital forefront of the conflict, where people are choosing sides online, according to Oded Vanunu, head of products vulnerabilities research at Check Point Software.
"We’re seeing people from all corners of the world organising themselves and resources to support either Russia or Ukraine."
"Some groups are coordinating cyber attacks to target Russia.
"Other groups are serving as information and news hubs to report a raw side of the war and other groups are requesting funds to either support Ukraine or commit fraud," Vanunu said.
Key Characteristics:
Examples:
Figure 1. Live news channel: "Russia vs. Ukraine Live news" with over 110,000 users on Telegram.
Figure 2. Ukraine war report channel, with over 20,000 users on Telegram.
Characteristics and examples of Group B: Hacktivists targeting Russia:
Key Characteristics:
Examples:
Figure 3. A shoutout for SMS and call-based attacks on Russian targets.
Figure 4. The "Mark" group is calling users to attack Russian websites, providing URLs.
Characteristics and examples of Group C: Donations Scams
Key Characteristics:
Examples:
Figure 5. Group raising funds through bitcoin and Ethereum accounts – Over 20,000 users.
Figure 6. Ukraine donation support group on Telegram.
Cyber safety tips for Telegram users
CPR analysts advise against clicking on links whose origins are unfamiliar to you, especially in times of crisis and extreme circumstances.
Criminals might leverage and exploit the situation to try and steal credentials, private details and other personal information by sending out malware or phishing links.
In addition, beware of suspicious requests. If a message from an unknown source makes a request or a demand that seems unusual or suspicious, this might be evidence that it is part of a phishing attack.
Think twice before sending money. Sending money to unknown sources requesting assistance may often result in fraud. Be aware of whom you are communicating with and what kind of information you are being asked to provide. Social media messaging is not the platform for large financial transactions, especially to unrecognised sources.
Verify your sources. Consume news feeds and seek the "truth" from reliable sources that you can trust.
According to Vanunu, CPR analysts are sharing what they have seen on Telegram as initial observations, with updated information to follow.
"I strongly recommend people to watch their Telegram activity closely and the types of people you may come in contact with."
"There’s a side on Telegram looking to take advantage of supporters of either Ukraine or Russia.
"We’ll continue to monitor Telegram activity in the weeks ahead," Vanunu concluded.