Iran-Linked Actors Use Telegram for Malware Attacks on Dissidents

Iran-linked threat actors, attributed to the country’s Ministry of Intelligence and Security (MOIS), are using Telegram as a command-and-control (C2) infrastructure to distribute malware targeting Iranian dissidents, journalists, and opposition groups globally. The FBI has issued warnings about these cyber campaigns, which facilitate surveillance and data theft. The malware is deployed after initial compromise, though specific technical details or variants are not disclosed. No exact dates, CVE IDs, or victim counts were provided in the report. The primary impact includes unauthorized access to sensitive information and potential monitoring of targeted individuals.