A Telegram Bot Told Iranian Hackers When They Got a Hit

The fake VPN isn’t especially innovative, either, and Google says it booted the app from its store before anyone managed to download it. If anyone had fallen for the ruse, though—or does install it on another platform where it’s still available—the spyware can steal call logs, texts, location data, and contacts.

Frankly, APT35 are not exactly overachievers. While they convincingly impersonated officials from the Munich Security Conference and Think-20 Italy in recent years, that too is straight out of Phishing 101. “This is a very prolific group that has a wide target set, but that wide target set is not representative of the level of success the actor has,” says Ajax Bash, security engineer at Google TAG. “Their success rate is actually very low.”

This new use of Telegram, though, bears a mention. APT35 embeds JavaScript in its phishing pages that’s designed to notify them every time the page loads; it manages those notifications through a bot it creates with the Telegram API sendMessage function. The setup gives the attackers instant information about not only whether they successfully got someone to click the wrong link, but where that person is, what device they’re on, and a wealth of other useful information. “Within the context of phishing, they can see if the targeted user clicked the link, or if the page was being analyzed by Google Safe Browsing,” says Bash. “This helps them better engage with the target via follow-up emails because they’ll know the email reached the target, was opened, read, and link clicked.”

Public Telegram channel used for attacker notifications.


Courtesy of Google TAG

Charming Kitten didn’t limit itself to classy conference pages, according to security firm Mandiant, which also observed its use of Telegram in July. “The actors created malicious webpages masquerading as an adult content website and a free audio/video calling and instant messenger software,” Mandiant associate analyst Emiel Haeghebaert and senior principal analyst Sarah Jones wrote in an emailed comment. “The landing pages profiled visitors to the page and sent information on the visitors back to a Telegram channel that we suspect the threat actors monitored.”
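For defenders, the page-load notifications described above and the visitor-profiling landing pages Mandiant describes leave the same trace: a browser on the network calling the Telegram Bot API's sendMessage method with a web page as the referrer. The following is an added detection sketch, not code from Google TAG, Mandiant or the article; it assumes a TLS-inspecting proxy that logs client, URL and Referer as tab-separated fields, and every log line, hostname and token in it is constructed.

```python
import re
from urllib.parse import urlsplit

# Bot API calls have the form https://api.telegram.org/bot<id>:<secret>/<method>
BOT_CALL = re.compile(r"^/bot(\d+):[A-Za-z0-9_-]+/(\w+)$")

# Constructed sample proxy log (assumed format): client_ip <TAB> url <TAB> referer
SAMPLE_LOG = """\
10.0.0.5\thttps://api.telegram.org/bot123456789:AAExampleConstructedToken000000000000/sendMessage?chat_id=-100&text=x\thttps://conference-login.example/invite
10.0.0.7\thttps://web.telegram.org/k/\t-
10.0.0.9\thttps://api.telegram.org/bot987654321:AAAnotherConstructedToken0000000000/getUpdates\t-
10.0.0.5\thttps://www.example.org/index.html\t-
"""


def find_page_beacons(log_text):
    """Return sendMessage calls that carry a web-page Referer,
    i.e. requests issued by script running in a loaded page."""
    hits = []
    for line in log_text.splitlines():
        client, url, referer = line.split("\t")
        parts = urlsplit(url)
        if parts.hostname != "api.telegram.org":
            continue
        m = BOT_CALL.match(parts.path)
        # Bot API method names are case-insensitive
        if not m or m.group(2).lower() != "sendmessage":
            continue
        if referer == "-":
            continue  # no referring page: a server-side bot, not a page load
        hits.append({
            "client": client,                      # workstation that loaded the page
            "bot_id": m.group(1),                  # numeric id only; secret is dropped
            "page": urlsplit(referer).hostname,    # site that triggered the call
        })
    return hits


if __name__ == "__main__":
    for hit in find_page_beacons(SAMPLE_LOG):
        print(hit)
```

Each hit names the workstation that loaded the page and the site that made the call, which is the starting point for checking whether the user went on to submit credentials there.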
