The FBI has warned that Iran is using Telegram as a tool to spy on dissidents, journalists, and opposition groups across the globe.
Quick Summary – TLDR:
- Iran-linked hackers are using Telegram to spread malware and monitor targets worldwide.
- Campaign targets journalists, dissidents, and anti-government groups.
- Malware enables data theft, surveillance, and reputational attacks.
- FBI urges users to stay cautious, update devices, and use strong security measures.
What Happened?
The FBI issued a public alert warning that Iranian cyber actors are using Telegram to deliver malware and spy on individuals critical of the government. The campaign has reportedly been active since at least 2023 and is tied to Iran’s intelligence network.
The agency said the activity comes at a time of rising geopolitical tensions, making the threat more urgent for global users and organizations to understand.
FBI Alert — Iranian Actors Using Telegram as Malware C2 Infrastructure
The FBI Cyber Division has issued a FLASH advisory warning that Iranian state-linked cyber actors are leveraging Telegram as command-and-control (C2) infrastructure to distribute malware. The activity…
— Dark Web Intelligence (@DailyDarkWeb) March 20, 2026
How Iran Is Using Telegram for Cyber Espionage
According to the FBI, cyber actors linked to Iran’s Ministry of Intelligence and Security are using Telegram as a command and control system to run their operations.
This means the platform is not just used for communication but also to manage malware infections remotely. Once a device is compromised, attackers can:
- Access sensitive files and data.
- Capture screenshots from infected systems.
- Monitor user activity in real time.
- Carry out hack-and-leak campaigns.
The goal is not just surveillance but also to damage the reputation of targets by leaking stolen information.
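One way a defender can hunt for the Telegram-based command and control described above, as an added example that is not from the FBI alert or this article. It assumes the malware talks to Telegram's public Bot API (the article does not say which Telegram interface is used); the log format, host names, process names, tokens and the approved-sender list are all constructed.

```python
import re
from collections import defaultdict

# Constructed sample proxy log: time, host, process, HTTP verb, URL.
SAMPLE_LOG = """\
2026-03-20T09:01:12Z WS-014 chrome.exe GET https://web.telegram.org/k/
2026-03-20T09:02:40Z SRV-MON alertbot.exe POST https://api.telegram.org/bot100001:constructed-token-A/sendMessage
2026-03-20T09:03:05Z WS-022 updater.exe POST https://api.telegram.org/bot200002:constructed-token-B/getUpdates
2026-03-20T09:03:09Z WS-022 updater.exe POST https://api.telegram.org/bot200002:constructed-token-B/sendPhoto
2026-03-20T09:04:31Z WS-022 updater.exe POST https://api.telegram.org/bot200002:constructed-token-B/sendDocument
2026-03-20T09:05:00Z WS-031 notes.exe POST https://api.telegram.org/bot300003:constructed-token-C/getUpdates
"""

# Bot API calls look like https://api.telegram.org/bot<id>:<secret>/<method>.
BOT_URL = re.compile(r"https://api\.telegram\.org/bot(\d+):[\w-]+/(\w+)")
# Bot API methods that push files or images out of the host.
UPLOAD_METHODS = {"sendDocument", "sendPhoto"}
# Hypothetical allowlist of (host, process) pairs approved to run a bot.
APPROVED = {("SRV-MON", "alertbot.exe")}

def find_bot_api_clients(log_text, approved=APPROVED):
    """Return unapproved (host, process) pairs that call the Bot API."""
    hits = defaultdict(lambda: {"bot_ids": set(), "methods": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines instead of failing the hunt
        _ts, host, proc, _verb, url = parts
        match = BOT_URL.match(url)
        if not match or (host, proc.lower()) in approved:
            continue
        # Keep only the numeric bot id; the secret part is never stored.
        hits[(host, proc)]["bot_ids"].add(match.group(1))
        hits[(host, proc)]["methods"].add(match.group(2))
    return [
        {"host": host, "process": proc,
         "bot_ids": sorted(seen["bot_ids"]),
         "methods": sorted(seen["methods"]),
         # Polling plus uploads matches the file and screenshot theft above.
         "uploads": bool(seen["methods"] & UPLOAD_METHODS)}
        for (host, proc), seen in sorted(hits.items())
    ]

if __name__ == "__main__":
    for finding in find_bot_api_clients(SAMPLE_LOG):
        print(finding)
```

Findings with `uploads` set deserve triage first, since an unapproved process that both polls for updates and sends documents or photos fits the remote-control and data-theft behaviour the alert describes.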
Who Is Being Targeted?
The campaign focuses on individuals and groups seen as a threat to the Iranian government. The FBI highlighted key targets such as:
- Journalists critical of Iran.
- Iranian dissidents living abroad.
- Opposition groups and activists.
- Organizations with anti-government views.
Officials also warned that the malware could be used against high-value individuals, including government officials, military personnel, political figures, and journalists.
Tactics Used in the Attacks
The attackers rely heavily on social engineering, tricking victims into downloading malicious files disguised as common applications.
Once installed, the malware enables attackers to gain remote access, extract files, and monitor activity. In some cases, it specifically targets Windows systems to collect screenshots and sensitive data.
The FBI linked these activities to groups such as Handala, also known as Handala Hack Team, Hatef, and Hamsa, along with the Homeland Justice threat group tied to Iran’s Islamic Revolutionary Guard Corps. These groups have been involved in previous cyberattacks and data leak operations.
Authorities also noted that infrastructure linked to these groups, including multiple domains, was recently seized after being used to publish stolen data from global cyberattacks.
FBI Issues Security Recommendations
The FBI is urging both individuals and organizations to take preventive measures to reduce risk. These include:
- Avoid clicking on unsolicited messages or unknown links.
- Only download apps from trusted sources.
- Keep software and devices updated.
- Use strong passwords and multi-factor authentication.
- Enable antivirus and security tools.
Users are also encouraged to report any suspicious activity to authorities.
Why This Matters Now
The warning comes during what the FBI describes as an elevated geopolitical climate, with tensions in the Middle East influencing cyber activity.
Cyber operations are increasingly being used to target individuals globally, not just governments or corporations, making this threat more widespread and personal.
SQ Magazine Takeaway
I think this story clearly shows how cyber warfare is no longer limited to governments or big companies. Regular people, especially those who speak out, are now direct targets.
What stands out to me is how simple tricks like fake files and messages are still highly effective. Even with advanced technology, human error remains the biggest weakness. Staying alert online is no longer optional; it is essential.