- Confidential and Proprietary -
Luminar Annual Threat Landscape Report Page 17
easy to use, it provides a fair degree of anonymity and has a simple registration process, making it
a convenient platform for cybercriminals to expand their market and reach new customers.
For those reasons, hacktivists tend to choose Telegram, which helps them transfer messages and
tools, as illustrated in the two events below:
+ In late September 2022, hacker groups used Telegram to help anti-government protestors in
Iran bypass regime restrictions and censorship. These groups allow people in Iran to
communicate with each other and share news. [42]
+ Amid the Russia-Ukraine conflict, many anti-Russian groups were created on Telegram and
grew steadily every single day, rising to over 250K users per group. Messages in those groups
urged followers to conduct DDoS attacks against Russian targets. [43]
Based on research published in August 2022, there is evidence that hacktivists, in addition to cyber
criminals, are continuously moving to Telegram. The researchers noted that hacktivist groups that had
used Facebook and Twitter in the past to advertise defacements and other activities were recently
observed using Telegram as their primary communication application. Furthermore, the researchers
noted that several older groups that used Facebook are no longer active, while new groups that use
Telegram have emerged. Telegram has not joined Facebook or Twitter in introducing new policies to
disable group accounts promoting malicious or illegal activities, making it a preferable choice for
threat actors who wish to avoid being banned. [44]
4.2.1 Accessibility and Convenience
In general, Telegram is more accessible for users than the Dark Web, so hackers can reach a much
wider audience and share information a lot quicker. Additionally, Telegram enables threat actors to
conduct criminal operations by forming and joining groups and channels that align with their
interests and goals. There are Telegram channels dedicated to sharing leaked data, some of which
have over 10k subscribers. Hackers post data dumps with brief explanations on such channels.
Moreover, the set of decentralized tools that Telegram develops nowadays is expected to serve as an
advantage for threat actors using the app.
Telegram also enables threat actors to create bespoke channels for their set of specific interests. In
comparison, some marketplaces can be rigid due to their structure, making them dedicated to specific
products. Switching to Telegram eliminates possible commissions that could be demanded in
[42] https://blog.checkpoint.com/2022/09/28/hacker-groups-take-to-telegram-signal-and-darkweb-to-assist-protestors-in-iran/
[43] https://blog.checkpoint.com/2022/03/02/telegram-becomes-a-digital-forefront-in-the-conflict/
[44] https://intel471.com/blog/why-cybercriminals-are-flocking-to-telegram