What Happens in Telegram Channels?
Aside from messaging with groups or individuals, Telegram allows one to open groups that can hold up to 200,000 members and to create a totally anonymous environment. With this opportunity, threat actors can:
- Share news in the cyberworld
- Address corporations’ gaps in their cyber defenses
- Create smaller chat rooms for accepting new members for their subsequent attacks
- Market & sell leaked data from corporations
- Start auctions for selling some high-value information
- Form VIP groups where they receive periodic fees to get in and periodically share their leaks
- Use Telegram bots to deliver malicious software to more devices
Long story short, Telegram has become a private shelter for threat actors across the web. Here are the top ten Telegram channels.
With the ThreatShare module, SOCRadar will instantly inform you about what is happening in Telegram channels, what hackers are talking about on dark web forums and cyber security incidents against your digital assets. Learn more about our Extended Threat Intelligence concept.
1. LAPSUS$ Telegram Channel
Within a year of emerging, this famous hacker group shook several government and technology corporations with its attacks. Lapsus$ came to the fore with recent takedowns in the UK, which ended with the arrest of seven suspects aged between 16 and 21; two of the suspects are charged with multiple cyber-related crimes.
This Telegram channel enables them to post about their attacks, share leaks, and contact their victims anonymously. They also sometimes use other chat rooms to talk about sharing previous leaks or building infrastructure or teams for their future attacks. Today, this channel has 54k+ subscribers around the globe.
2. RF/RB Bases
A Telegram channel of Russian origin that regularly posts sample leaks to market its stolen information. The channel currently has 260+ subscribers, yet it has 2-3 times more visitors to its posts.
3. Null Leak
Another leak-sharing platform with 3,900+ subscribers, this Ukrainian-based group not only shares leaks but also explains the story behind them. Interestingly, the channel also has a VIP sub-group where all the leaks are shared, and people are encouraged to join this premium channel. However, one of Ares’s admins reached out to SOCRadar and stated that no data was shared with anyone other than VIP users. For Ares’s new channels: @aresmainchannel, @aresfreedatav2, @aresdatabaselist, @ARESNEWSCHANNEL, @aresdatachat.
4. vx underground
Even though they are not known as a cyber threat, vx-underground is a well-known and widely visited platform in the cyber security world. vx-underground uses Telegram as well as Twitter and their websites. They often collect papers and malware source code for their database and share news, leaks, and updates on their website and collections.
A leak-sharing platform motivated by selling databases of prominent corporations in Europe and the USA via VIP sub-groups. Today the Telegram channel has 1,500+ subscribers.
6. ATW BH (Against the West/BlueHornet)
In general, ATW BH, which is of USA origin and against China and Russia, hacks documents, personal information, and information with a privileged background that belongs to the target companies, groups, or countries. Additionally, they ruin the hackers of the target countries. All their actions and leaks are published on their Twitter accounts and their Telegram group, which everyone can easily access.
Not only do they explain leaks in a language everyone can understand, but they also quickly respond to even the most amateurish questions about the leaks and the hacks via their account and Telegram group. They also use their Telegram channels as an online sales channel.
7. STORMOUS RANSOMWARE
Since early 2022, the STORMOUS Ransomware organization has claimed responsibility for several assaults.
This group, which has been sharing leaks and information via the dark web for a long time, also shares its actions with people through Telegram channels that everyone can access. They even find buyers for information through Telegram channels.
8. IT (Information Technology) Army
This group came into active use especially after the war between Russia and Ukraine. Malware is taking advantage of people’s intention to help Ukraine: people are being infected with trojans by exploiting this situation. After the data is collected, it is shared through Telegram channels.
9. Kelvin Security
Kelvin Security targets the military of the target countries and several areas such as financial services, government agencies, management, aviation, casino & gaming, communications, education, energy, health, and transportation.
Like other hacker groups with Telegram channels, Kelvin Security shares its actions and leaks simultaneously from its Telegram accounts. In fact, in March 2022, during the Russia-Ukraine war, they hacked the nuclear reactor belonging to Russia. They shared this development with the public on their Twitter accounts and Telegram channels.
10. Breached Data
The intent of this group is to share knowledge about sensitive data such as social security numbers, passwords, and phone numbers. They may also share details such as when a leak happened, who was behind it, and similar subjects related to the incident. They utilize chat rooms for this purpose.
If you think you have the most up-to-date information on groups and channels here, please contact us: [email protected]