Christine Schönig, Regional Director Security Engineering CER, Office of the CTO at Check Point
In this context, our experts have also warned against phishing e-mails aimed at scamming people who want to donate to Ukraine from abroad. Now the virtual conflict is expanding:
Various interest groups have begun to organize themselves through the messaging service Telegram. It began when the Ukrainian government officially organized an IT army via Telegram, a group consisting of volunteers but also of professional hackers recruited on the Dark Net and in underground forums. The group already has more than 175,000 members and has issued a list of Russian targets to be attacked “by all means”. Such Telegram groups are now growing rapidly, and the different groups pursue different goals. Daily user traffic in Telegram has even increased a hundredfold and recently reached a peak of 200,000 active users per group. New groups for Ukrainian attacks against Russia in particular are growing steadily every day and have already exceeded 250,000 members per group. But some groups, disguised as fundraisers for Ukraine, are suspected of being fraudulent. In addition, newsfeed groups bypass official news agencies and spread their own news about the situation. It is therefore difficult to separate verified facts from claims and lies, or to clearly grasp the intentions of the different groups.
Since the outbreak of war on February 24, our experts have been closely monitoring the growing activity on Telegram. They report about six times as many groups engaged in the conflict as on the day before the Russian invasion.
Three types of groups stand out in particular:
- Numerous newsfeed groups that spread news about the war while bypassing the official channels (71 percent of the observed groups).
- Attack groups against Russia, which urge their followers to attack Russian targets online by any means, mainly through DDoS attacks (23 percent).
- Groups that call on their followers to support Ukraine through fundraising, but whose authenticity is doubtful and which are often suspected of fraud (four percent).
In recent years, the encrypted instant messaging application Telegram has become the preferred platform of hackers and activists. This is therefore not the first time that our specialists have reported on disturbing activities on Telegram. In previous investigations, they have shown how criminals are increasingly using the platform for black market activities, such as trading in fake vaccination certificates during the pandemic. However, they also pointed out that politically persecuted Iranian or Chinese citizens use Telegram as well.
Recommendations for using Telegram securely
- Do not click on links whose origin you do not know, especially in these extreme circumstances. Criminals could take advantage of the situation and try to steal login details, private details and other personal information (or money) by sending malware or phishing links.
- Be wary of suspicious requests. If a message from an unknown source contains a request or makes a claim that seems unusual or suspicious, this may be an indication that it is part of a phishing attack.
- Think twice before sending money as a donation to unknown sources asking for help, because this can often be a scam. Pay attention to who you are communicating with and what kind of information is requested of you. Messages on social media are not the right platform for large financial transactions or intimate details, especially when talking to unfamiliar people.
- Check news sources and look for the claimed facts yourself.
It remains to be noted: as long as the war continues, Telegram will also be a far more dangerous place than previously assumed, since honest activists, hackers recruited as mercenaries, scammers and propaganda groups will now descend on users in large numbers.