Google Threat Analysis Group Finds That Iranian Hacking Group Has Targeted Telegram

Google Threat Analysis Group has released research on APT35, an Iranian hacking group targeting high-value individuals in the US and elsewhere. One of the attackers’ novel techniques is using Telegram for operator notifications. The attackers embedded JavaScript into their phishing pages that notifies them whenever a page is loaded. The notification is sent through the Telegram API sendMessage function, which lets anyone with a Telegram bot post a message to a public channel:

“The attackers use this function to relay device-based data to the channel, so they can see details such as the IP, useragent, and locales of visitors to their phishing sites in real-time. We reported the bot to Telegram, and they have taken action to remove it.”
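The useful defender-side consequence of this technique is that every page load produces an outbound request to api.telegram.org containing the bot token, the method name and, for GET-style calls, the channel id and relayed visitor data. The following is an added example, not code from Google TAG or this post, that flags such calls in egress-proxy logs and in page source. The log format, the sample lines and the bot token are constructed for the example, and the token regex (numeric bot id, colon, long alphanumeric secret) is an assumption kept deliberately loose.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Telegram Bot API call pattern. Token format "<digits>:<secret>" is an
# assumption for this example; the secret length bound is intentionally loose.
TELEGRAM_BOT_CALL = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d+:[A-Za-z0-9_-]{20,})/(?P<method>\w+)"
)

# Constructed sample egress-proxy log lines (not real traffic), format:
# "<timestamp> <client ip> <http method> <url> <status>"
SAMPLE_LOG = """\
2021-10-14T09:12:01Z 10.0.0.21 GET https://www.example.com/login 200
2021-10-14T09:12:02Z 10.0.0.21 GET https://api.telegram.org/bot111222333:AAExampleTokenNotRealAbcdefghij12345/sendMessage?chat_id=-1001234567890&text=ip%3D10.0.0.21%26ua%3DMozilla 200
2021-10-14T09:12:05Z 10.0.0.33 GET https://cdn.example.net/app.js 200
2021-10-14T09:12:09Z 10.0.0.33 POST https://api.telegram.org/bot111222333:AAExampleTokenNotRealAbcdefghij12345/sendMessage 200
"""

# Constructed page source: a captured phishing page would embed the endpoint
# in its script; here only the URL string is present, enough for the check.
SAMPLE_PAGE = (
    '<html><script>/* constructed sample */ var notify = '
    '"https://api.telegram.org/bot111222333:AAExampleTokenNotRealAbcdefghij12345/sendMessage";'
    '</script></html>'
)


def find_telegram_beacons(log_text):
    """Return one finding per log line that calls a Telegram Bot API method.

    Each finding keeps the client, the bot method, the bot id (the secret half
    of the token is redacted so findings can be shared), and any chat_id/text
    parameters: the evidence needed to report the bot and trace the page.
    """
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or truncated line; skip rather than crash
        timestamp, client, verb, url = parts[:4]
        match = TELEGRAM_BOT_CALL.search(url)
        if not match:
            continue
        token = match.group("token")
        query = parse_qs(urlsplit(url).query)
        findings.append({
            "time": timestamp,
            "client": client,
            "verb": verb,
            "method": match.group("method"),
            "bot_id": token.split(":", 1)[0],  # redact the secret part
            "chat_id": query.get("chat_id", [None])[0],
            "text": query.get("text", [None])[0],
        })
    return findings


def page_references_telegram_bot(html):
    """True if page source embeds a Telegram Bot API URL (the beacon pattern)."""
    return TELEGRAM_BOT_CALL.search(html) is not None


if __name__ == "__main__":
    for finding in find_telegram_beacons(SAMPLE_LOG):
        print(finding)
    print("page embeds bot call:", page_references_telegram_bot(SAMPLE_PAGE))
```

The first flagged line also shows why the relayed text is worth decoding: the visitor's own IP and user agent appear in the query string, which confirms the request is a beacon rather than a legitimate bot integration. In an environment with no business use for Telegram bots, the same pattern can drive an egress block or alert instead of a report.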

Seeing as Telegram is typically used by people who want to conduct their activities in secret, this isn’t a trivial hack by APT35. Edward Roberts, VP of Marketing, Neosec:

“This attack follows the trend that attacks are typically a sequence of tactics employed by the hacker. Increasingly, with the ubiquitous adoption of APIs by organizations, it is no surprise that APIs are one of the tactics used in these sophisticated attacks. We expect APIs to increasingly become the focus for bad actors.”

Additionally, SmartBear’s annual State of Software Quality API survey has been released, identifying industry benchmarks, methodologies and tools used by software teams to manage API lifecycle. Key findings include:

  • A majority of API practitioners operate in a multi-protocol landscape. Of those surveyed, 57% state they use three or more protocols within their organizations.
  • Developers are increasingly involved in testing and are taking on more testing responsibilities with close to 60% reporting they are directly involved in API testing.
  • “Ease of use” was reported as both the top factor driving API tool choice and the most important characteristic consumers need in an API.
  • The biggest obstacles to ensuring consistent quality of APIs as well as API documentation are “increasing demands for speed of delivery” and “limited time due to workload.”

Telegram has addressed this issue, but other organizations should take steps to make sure that whatever APIs they use are not open to the same kind of abuse.
