SOCRadar® Cyber Intelligence Inc. | The Exodus Began: Alternatives for Telegram
Home

Resources

Blog
Sep 27, 2024
11 Mins Read

The Exodus Began: Alternatives for Telegram

As Telegram implements new policies to curb illegal activities by using AI to detect and hide unlawful content, threat actors are increasingly moving away from the platform. This significant shift is driven by growing concerns over data privacy, anonymity, and security amongst many, including threat actors and everyday users. Telegram, once known for its strong focus on privacy, is now perceived as less secure by many in the underground world. Threat actors, hacktivist groups, and cybercriminal communities are seeking alternative platforms to continue their operations with minimal exposure to law enforcement.

For a broader analysis on Telegram’s evolving landscape and the migration of users to other platforms, you can check out our discussion on the topic in a previous blog post: Telegram’s Uncertain Future: Shift to New Platforms.

Telegram’s Policy Shift: A Breach of Trust?

Telegram’s new measures, announced on September 23, 2024, mark a drastic departure from the platform’s once-celebrated privacy ethos. For example, one of the most notable responses to Telegram’s recent changes comes from Deanon Club, closely affiliated with the KillNet group. In a post dated September 23, 2024, Deanon Club criticized Telegram’s latest implementation of an AI-based tool designed to identify and suppress illegal content. They highlighted that this AI will make it significantly harder to find restricted content on Telegram, drawing a direct comparison to platforms like Instagram, WhatsApp, and Facebook, which are notorious for their lack of anonymity.

Deanon Club’s guide for Telegram - how to use a non-anonymous tool

Deanon Club’s guide for Telegram – how to use a non-anonymous tool

The post expresses growing disillusionment with Pavel Durov, the founder of Telegram, accusing him of moving away from the platform’s original focus on user privacy and anonymity. According to Deanon Club, Telegram’s once core appeal—privacy—was instrumental in its rapid growth, but the recent shift feels like a betrayal to its target audience, which includes cybercriminals and hacktivist groups who rely on the platform’s discretion. In their view, Telegram is now following a path similar to mainstream social media platforms that prioritize compliance with law enforcement over user anonymity.

Deanon Club advises its followers to adopt new strategies for using Telegram under the assumption that the platform can no longer be trusted to protect their privacy. They recommend implementing a secure VPN, using anonymous phone numbers for registration, and setting up cloud-based passwords. More advanced users are encouraged to configure proxy servers both within and outside of Telegram. The overall message is clear: every interaction on Telegram should now be treated with extreme caution, as the platform could potentially expose users’ identities to authorities.

Threat Actors’ Migration to New Platforms

Several threat actors and hacktivist groups have already announced their plans to move from Telegram to other platforms. Some examples from different motivated threat actors are as follows:

Anonymous Collective: Known for their decentralized activism, Anonymous Collective expressed concerns about Telegram’s new data-sharing policies and is considering moving to other social media platforms that offer better privacy protections.

Anonymous Collective’s Telegram post

Anonymous Collective’s Telegram post

CyberVolk: This hacktivist group has decided to shift their communications to Twitter (X), Session, and Discord. According to their statement, Telegram’s new policies compromise user privacy, making it unsafe for their activities.

CyberVolk’s Telegram post

CyberVolk’s Telegram post

Al Ahad: Islamist oriented Al Ahad has announced that they are transitioning to Signal, a platform renowned for its end-to-end encryption and robust security features. They have urged their members to join their new Signal channel as they plan to close their Telegram presence soon.

Al Ahad’s Telegram post

Al Ahad’s Telegram post

Where Are They Migrating Next?

As threat actors leave Telegram, they are turning to platforms that provide the anonymity and security they desire. Here’s a closer look at the alternative platforms they are choosing:

1. Signal

Signal logo

Signal logo

Signal has long been a favorite among privacy-conscious users due to its strong encryption protocols. End-to-end encryption ensures that even the platform itself cannot read users’ messages. Signal also does not retain message metadata, which makes tracking users’ activity difficult for law enforcement. This has made it an attractive alternative for groups like Al Ahad.

Signal’s FAQ section

Signal’s FAQ section

2. Discord

Discord logo

Discord logo

Originally a platform for gamers, Discord has become a hub for various communities, including those with malicious intent. The platform’s flexibility, ease of use, and ability to host large, organized groups through servers make it a convenient choice for threat actors. Despite some moderation efforts by Discord, its relative anonymity compared to Telegram continues to attract cybercriminal communities like CyberVolk.

  • Discord and Signal are the most popular choices due to their robust encryption and versatile features. Discord supports chat, voice, and video communication, making it appealing for users looking to interact in real-time. However, despite its encryption capabilities, Discord remains subject to US legal jurisdiction, which may limit the level of anonymity some users desire.

As stated in Discord’s website: “For requests of user data other than EEA or UK user data: Discord Inc. is headquartered in the U.S. and subject to U.S. law which may prevent the production of certain information. Requests should be addressed to Discord Inc. Discord Inc. will respond to valid legal process issued by a U.S. court and properly served on it in the U.S. To achieve this, you will need to work through the applicable process for international legal assistance. See 28 U.S.C. § 1782. For more information, you may wish to contact the Office of International Judicial Assistance at the U.S. Department of Justice.”

3. Session

Session logo

Session logo

A newer platform gaining traction among privacy advocates, Session is designed to offer decentralized, anonymous messaging without any centralized servers. It doesn’t require a phone number or email address for registration, making it appealing for those looking to evade surveillance. CyberVolk mentioned Session as one of their new communication channels due to its extreme focus on privacy and anonymity.

4. X (formerly Twitter)

X

X

Though not traditionally considered a highly secure platform, X remains a popular option for hacktivists and cybercriminals due to its broad reach and ability to quickly disseminate information to a large audience. CyberVolk’s decision to use X reflects their need for a platform where they can maintain a public presence while also interacting with their followers, However, we should add that before this policy change, X was already actively used by many groups.

5. Facebook

Facebook logo

Facebook logo

Although Facebook has strict policies against illegal activities, some threat actors have turned to its encrypted messaging service, WhatsApp. While not as widely adopted as Signal or Discord in these circles, WhatsApp’s end-to-end encryption makes it a viable option for some who need a more mainstream tool for private communication.

Moreover, XMPP-based (Extensible Messaging and Presence Protocol) applications are gaining popularity as decentralized messaging platforms, allowing users to run their own servers for enhanced data privacy and security. Services like Jabber offer encrypted messaging and can be configured for greater anonymity. IRC networks, once considered outdated, are experiencing a resurgence due to their customizable, open-source nature, which allows for private server setups and additional encryption. Moreover, dark web forums and decentralized platforms are increasingly favored, often accessible only via Tor. These networks provide levels of privacy and anonymity that mainstream platforms lack, prompting threat actors to migrate to these niche alternatives as they seek the secrecy now threatened on Telegram.

Below is the table for comparison of different alternatives:

*Decentralization refers to the distribution of control and decision-making across multiple nodes or participants, rather than relying on a single centralized authority. In the context of communication platforms, this means that no single entity owns or controls the entire infrastructure. 

**While several platforms like Telegram, WhatsApp, and Signal support end-to-end encryption (E2EE), there are variations in how it is implemented. For instance, Telegram’s Secret Chats are end-to-end encrypted, but regular chats are only encrypted in transit and stored on Telegram’s servers. 

The Telegram cybercrime landscape, as highlighted earlier, is predominantly shaped by hacktivist groups. A key factor for these groups is the need for an audience to engage with their content. While many are exploring alternative platforms, having a large audience will remain crucial for their visibility and influence. Although Telegram’s popularity extends beyond hacktivist circles, it is likely to stay a relatively favored platform. The remaining functionalities, such as technical aspects of platform use and Operational Security (OpSec), while important, tend to be secondary to audience reach. Hacktivism thrives on the engagement and attention it receives.

In Summary

Telegram’s new policies, while intended to curb illegal activities, may have unintended consequences. The platform risks losing its most privacy-conscious users, including legitimate individuals who value anonymity for personal reasons. Meanwhile, threat actors are adapting to these changes by migrating to platforms that still offer the security they need to carry out their activities.

For Telegram, this shift could mean a reduction in the illicit activities that once populated its platform. However, it also signals a broader trend: the continuous cat-and-mouse game between law enforcement and cybercriminals, who will always seek out new platforms where they can operate with less scrutiny.

As threat actors abandon Telegram, their migration to platforms like Signal, Discord, and others underscores the growing importance of privacy in the digital age. These platforms, now attracting more underground activity, may eventually face the same pressure that led Telegram to change its policies. For now, the battle for privacy continues, with both sides constantly evolving to stay one step ahead.

This shift serves as a reminder for users everywhere: always evaluate the privacy policies and security features of the platforms you use, as the digital landscape is ever-changing.

SOCRadar’s Advanced Dark Web Monitoring: Your Shield in a Shifting Landscape

In this evolving threat landscape where threat actors are migrating from Telegram to other platforms, maintaining vigilance is crucial. SOCRadar’s Advanced Dark Web Monitoring offers comprehensive coverage of various channels, including Telegram, Discord, and the Dark Web. Our platform continuously scans and analyzes these spaces, providing real-time insights into emerging threats and activities that could impact your security posture.

SOCRadar’s Dark Web Monitoring thoroughly scans various corners of the web, ensuring coverage wherever threat actors venture

SOCRadar’s Dark Web Monitoring thoroughly scans various corners of the web, ensuring coverage wherever threat actors venture

With features like monitoring for illicit communications and potential data leaks, SOCRadar ensures that you remain informed about the movements of threat actors and their tactics. In a time when privacy and security are paramount, leveraging SOCRadar’s capabilities can empower organizations to anticipate threats and take proactive measures. By integrating our monitoring solutions, users can better navigate the complexities of the digital landscape and mitigate risks associated with the ongoing exodus from Telegram and beyond.