The FBI says Iranian hackers are using Telegram to steal data in malware attacks


Iranian government hackers are using Telegram to steal data from dissidents, opposition groups and journalists around the world who oppose the regime, according to an FBI alert posted on Friday.

In the first phase of the attack, the hackers contact their targets posing as a known contact or as technical support, and trick them into accepting a link to a malicious file masquerading as a legitimate app such as Telegram or WhatsApp. Once the target installs the malware, the second phase connects the infected device to Telegram bots through which the hackers remotely control it. That access lets them steal files, take screenshots, and record Zoom calls, according to the FBI.

Using Telegram to remotely control a victim's device is a common technique hackers use to hide malicious activity among legitimate network traffic, which makes it harder for defenders and anti-malware products to spot.
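Because the command channel rides on Telegram's own infrastructure, blocking by destination alone is not an option for organisations whose users legitimately run Telegram. One distinguishing feature is the path shape: malware driven by a Telegram bot has to call the HTTP Bot API (paths of the form `/bot<id>:<token>/<method>`), polling `getUpdates` for operator commands and using upload methods such as `sendDocument` or `sendPhoto` to push stolen files and screenshots out. The script below is an added illustration, not code from the FBI alert or from TechCrunch; it scores Bot API usage per process in a constructed proxy log. The log format, the process names, the bot IDs and the tokens are all made up for the example, and the assumption that ordinary Telegram desktop and mobile clients do not talk to the Bot API is the heuristic it relies on.

```python
"""
Heuristic detection of Telegram Bot API command-and-control traffic in HTTP
proxy logs. Added example; log format, process names and tokens are constructed.
"""
import re
from dataclasses import dataclass, field

# Bot API paths look like /bot<bot_id>:<secret>/<method>. Assumption: the normal
# Telegram clients speak MTProto and never use this HTTP API, so a workstation
# process calling it is worth investigating.
BOT_PATH = re.compile(r"^/bot(\d+):([A-Za-z0-9_-]{20,})/(\w+)")

# Bot API methods that map onto the behaviour described in the alert:
# polling for operator commands, and uploading files/screenshots/recordings.
POLL_METHODS = {"getUpdates"}
EXFIL_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendVoice"}

# Constructed proxy log format: "timestamp src_ip process dst_host http_method path"
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<process>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<http>\S+)\s+(?P<path>\S+)"
)

# Constructed sample log (not real data). The first process name mimics the
# "installer masquerading as Telegram" lure; the last is a benign CI bot.
SAMPLE_LOG = """\
2024-05-03T10:00:01Z 10.0.0.12 TelegramSetup.exe api.telegram.org GET /bot7000000001:AAExampleTokenExampleTokenExample/getUpdates?offset=41
2024-05-03T10:00:06Z 10.0.0.12 TelegramSetup.exe api.telegram.org GET /bot7000000001:AAExampleTokenExampleTokenExample/getUpdates?offset=42
2024-05-03T10:00:11Z 10.0.0.12 TelegramSetup.exe api.telegram.org GET /bot7000000001:AAExampleTokenExampleTokenExample/getUpdates?offset=42
2024-05-03T10:00:15Z 10.0.0.12 TelegramSetup.exe api.telegram.org POST /bot7000000001:AAExampleTokenExampleTokenExample/sendDocument
2024-05-03T10:00:20Z 10.0.0.12 TelegramSetup.exe api.telegram.org POST /bot7000000001:AAExampleTokenExampleTokenExample/sendPhoto
2024-05-03T10:01:00Z 10.0.0.12 chrome.exe web.telegram.org GET /k/
2024-05-03T10:01:30Z 10.0.0.33 ci-notifier.py api.telegram.org POST /bot7000000002:BBExampleTokenExampleTokenExample/sendMessage
"""


@dataclass
class Finding:
    process: str
    bot_id: str
    polls: int = 0
    uploads: int = 0
    methods: set = field(default_factory=set)

    def severity(self) -> str:
        """Command polling plus outbound uploads is the full C2 loop."""
        if self.polls and self.uploads:
            return "high"
        if self.polls >= 3 or self.uploads:
            return "medium"
        return "low"


def parse_line(line: str):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def find_bot_c2(lines, allowlist=frozenset()):
    """Group Bot API calls by (process, bot id); skip allow-listed processes."""
    findings = {}
    for raw in lines:
        rec = parse_line(raw)
        if not rec or rec["dst"] != "api.telegram.org":
            continue
        bm = BOT_PATH.match(rec["path"])
        if not bm:
            continue  # not the Bot API (e.g. web client or MTProto relays)
        bot_id, _secret, api_method = bm.groups()
        proc = rec["process"]
        if proc in allowlist:
            continue
        f = findings.setdefault((proc, bot_id), Finding(proc, bot_id))
        f.methods.add(api_method)
        if api_method in POLL_METHODS:
            f.polls += 1
        elif api_method in EXFIL_METHODS:
            f.uploads += 1
    # Most exfil-like first, then heaviest polling.
    return sorted(findings.values(), key=lambda f: (-f.uploads, -f.polls))


if __name__ == "__main__":
    for f in find_bot_c2(SAMPLE_LOG.splitlines()):
        print(f"{f.severity():6} {f.process} bot={f.bot_id} "
              f"polls={f.polls} uploads={f.uploads} methods={sorted(f.methods)}")
```

The point of the per-process grouping is that a benign automation bot (a CI notifier sending one `sendMessage`) scores low, while a process that both polls `getUpdates` and uploads documents looks like the remote-control loop the alert describes. In a real deployment the allow-list would hold your known automation, and the token fragment in the path can be redacted before the finding reaches a ticket.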

According to the Federal Bureau of Investigation (FBI), the hackers responsible for these attacks allegedly work for Iran’s Ministry of Intelligence and Security (MOIS). The FBI said these attacks are an example of Iranian government hackers’ attempts to advance the regime’s “geopolitical agenda.”

Contact us

Do you have more information about Handala or other hacking operations linked to Iran? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase or Wire @lorenzofb, or by email.

In the alert, the FBI mentioned the self-described pro-Iranian and pro-Palestinian hacktivist group Handala, although it is not clear whether the attacks referenced in the alert were carried out by this group.

Earlier this month, Handala claimed responsibility for an attack on medical technology giant Stryker that resulted in the wiping of tens of thousands of employee devices.

In an 8-K filing with the US Securities and Exchange Commission on Monday, Stryker said it was still recovering from the breach.


Last week, the US Department of Justice charged Handala, alleging that it is a front for the Iranian government, specifically the Ministry of Intelligence and Security, and that it was behind the Stryker hack. At the same time, the FBI shut down and seized two websites linked to Handala, and two other sites linked to another Iranian hacktivist group called Homeland Justice. In its recent alert, the bureau said both groups were linked to the Ministry of Intelligence and Security.

An FBI spokesman said in an email that the bureau had “nothing additional to add.”

Telegram spokesman Remy Vaughn said the platform’s moderators “routinely remove any accounts found to be involved in malware.”

Updated to include FBI and Telegram response.
