The Top 10 Dark Web Telegram Chat Groups and Channels

After the privacy policy scandal of WhatsApp in January 2021, Telegram was one of the trending apps to replace WhatsApp regarding its privacy policy. This situation makes Telegram more popular than ever before! Due to Telegram’s high privacy standards, this popularity attracted a brand-new customer channel, threat actors.

Under these standards, many malicious groups move their platform to Telegram, where they can talk, exchange data, or even sell the leaks they had online. Regarding it all can be done in secret without exposing any identity due to the privacy policy, Telegram has become a malicious groups’ favorite messaging app.

What Happens in Telegram Channels? 

Aside from messaging with groups or individuals, Telegram allows one to open groups that can hold up to 200.000 members and create a total anonymous environment. With this opportunity, threat actors can,

• Share news in the cyberworld
• Address corporations’ gaps in their cyber defenses
• Create smaller chat rooms for accepting new members for their subsequent attacks.
• Market & sell leaked data from corporations 

• Start auctions for selling some high-value information
• Form VIP groups where they receive periodic fees to get in and periodically share their leaks
• Use telegram bots to deliver malicious software to more device

Long story short, Telegram has become a private shelter for threat actors across the web. Here are the top ten telegram channels.

With the Dark Web Monitoring module, SOCRadar will instantly inform you about what is happening in Telegram channels, what hackers are talking about on dark web forums and cyber security incidents against your digital assets.

Furthermore, SOCRadar monitors the Dark Web about leaked data and releases news about them instantly on the Dark Web News module. SOCRadar aims to detect leaked data and inform the victim before an incident becomes a disaster.

1. LAPSUS$ Telegram Channel

The famous hacker group shook several government and technology corporations with their attacks within a year, just after they emerged. Lapsus$ has come to the fore by recent takedowns in the UK and ended up arresting seven suspects aged between 16 and 21; two of the suspects are charged with multiple cyber-related crimes.

This telegram channel enables them to post about their attacks & share leaks and contact their victims anonymously. Also, they sometimes use other chatrooms to talk about sharing previous leaks or building infrastructure or teams for their future attacks. Today, this channel has 54k+ subscribers around the globe.

2. RF/RB Bases

Russian originated telegram channel that posts sample leaks regularly to market their stolen information. The channel currently has 260+ subscribers, yet it has 2-3 times more visitors to its posts.

3. Null Leak

Another leak-sharing platform with 3.900+ subscribers, this Ukrainian-based group not only shares leaks but also explains the story behind them. Interestingly, the channel also has a VIP sub-group where all the leaks are shared, and people are encouraged to join this premium channel. However, one of Ares’s admins reached out to SOCRadar and stated that no data was shared with anyone other than VIP users. For Ares’ new channels: @aresmainchannel, @aresfreedatav2, @aresdatabaselist, @ARESNEWSCHANNEL, @aresdatachat .

4. vx underground

Even though they are not known as a cyber threat, vx-underground is a well-known and visited platform in the cyber security world. vx-underground uses Telegram as well as Twitter and their websites. They often collect paper and malware source codes for their database and share news & leaks and updates on their website and collections.

5. Ares

A leak-sharing platform that has been motivated by selling databases of prominent corporations, in Europe and the USA, via VIP sub-groups. Today the Telegram channel has 1.500+ subscribers.

6. W BH (Against the West/BlueHornet)

In general, ATW BH -which is of USA origin and against China and Russia- hacks documents, personal information, and information that has a privileged background that belongs to the target companies, groups, or countries. Additionally, they ruin the hackers of the target countries. All their actions and leaks are published on their Twitter accounts and their Telegram group, which everyone can easily access. 

Not only do they explain leaks in a language everyone can understand, but they also quickly respond to the most amateurish questions about the leaks and the hacks vis their account and Telegram group. They also use their Telegram channels as an online sales channel.

7. STORMOUS RANSOMWARE

Since early 2022, the STORMOUS Ransomware organization has claimed responsibility for several assaults.

This group, which has been sharing leaks and information via the dark web for a long time, also shares its actions with people through Telegram channels that everyone can access. They even find buyers for information through Telegram channels.

SOCRadar detected that the Stormous ransomware group had attacked 37 enterprises in 2022.

8. IT (Information Technology) Army

This group started to be used actively, especially after the war between Russia and Ukraine. This malware is taking advantage of the people’s intention to help Ukraine. They are infecting trojans, the people, by using this situation. After collecting data, they are sharing them through Telegram channels.

9. Kelvin Security

Kelvin Security targets the military of the target countries and several areas such as financial services, government agencies, management, aviation, casino & gaming, communications, education, energy, health, and transportation.

Kelvin Security shares their actions and simultaneously leaks from their Telegram accounts, like other hacker groups with Telegram channels. In fact, in March 2022, they hacked the nuclear reactor belonging to Russia during the Russia-Ukraine war. They shared this development with the public on their Twitter accounts and Telegram channels.

10. Breached Data

The intent of this group is to share knowledge about sensitive data like social security numbers, passwords, phone numbers, etc. Also, they may share information such as when it happened or who did this and similar subjects related to this action. They utilize chat rooms for this purpose.

If you think you have the most up-to-date information on groups and channels here, please contact us: [email protected]