Telegram War Front

Check Point Research (CPR) monitors Telegram activities and has collected a number of relevant data on the current conflict in Eastern Europe.

On the day Russia invaded Ukraine, CPR reported a sixfold increase in the number of Telegram war groups.

71% of these groups surveyed by CPR promote flash news with raw and often unconfirmed information. 23% have been set up to coordinate cyber attacks against Russia, mainly DDoS. 4% of Telegram groups are asking for cryptocurrency donations in support of Ukraine. In a new post, CPR provides data and examples for each of the teams, as well as four cybersecurity tips for people using Telegram.

Some Telegram groups that coordinate cyberattacks in Russia have more than 250.000 users

- CPR provides examples from a group asking users to attack Russian websites, as well as attacks via SMS and calls

- CPR urges people wishing to make donations to Ukraine to be careful when sending money

Check Point Research (CPR) has been monitoring the Telegram closely throughout the ongoing Russia-Ukraine conflict, saying Telegram conflict groups have increased sixfold on the day Russia invaded Ukraine. CPR has distinguished groups based on three different characteristics, which are:

A. Flash News and Updates (71% of groups observed)
B. Hacking \ Hacktivist groups targeting Russia (23%)
C. Donation requests for Ukraine (4%)
D. Other issues related to the conflict, some inactive and without users (2%)

Characteristics and examples of group A: Flash News / Updates

  Telegram allows the import of conversations from WhatsApp

Basic features:
- Very active
- Thousands of messages a day, 24/7
Reports unprocessed, uncensored reruns of war zones
- Shares unconfirmed information and possible misinformation

Figure 1. Live news channel “Russia vs. Ukraine Live news ”with over 110K users on Telegram


Figure 2. War reporting channel in Ukraine, with over 20 thousand users on Telegram


Characteristics and examples of group B: Hacktivists targeting Russia

Basic features:
- Hackers, IT Professionals and other "IT fans".
- Teams are used to coordinate attacks and select targets
- Teams assist each other in carrying out attacks and exchanging results
Some groups have more than 250.000 users
- DDoS the most common attack request, followed by attacks via SMS and calls

Figure 3. SMS attacks and calls to Russian targets


Figure 4. The Mark team invites users to attack Russian websites by providing URLs.


Characteristics and examples of group C: Donation scams
Basic features:
- Most donations require a cryptocurrency
- Teams have tens of thousands of users
- Many groups are suspicious and most likely fraudulent

Figure 5. Group raising funds through Bitcoin and Ethereum accounts - Over 20k users


Figure 6. Donation support team for Ukraine on Telegram


Comment by Oded Vanunu, Head of Products Vulnerabilities Research at Check Point Software:

"Telegram has become a digital arena of conflict, where people choose sides on the internet. We see people from all over the world organizing and having the resources to support either Russia or Ukraine. Some groups are coordinating cyber attacks targeting Russia. Other groups serve as information and news hubs to present the raw side of the war. Other groups are demanding money either to support Ukraine or to commit fraud. Overall, we have seen a sixfold increase in Telegram groups on the Russia-Ukraine war since the day Russia invaded Ukraine. I highly recommend that people keep a close eye on their Telegram activity and the types of people they can come in contact with. There is a side in the Telegram that wants to take advantage of the supporters of either Ukraine or Russia. We are currently sharing what we see in the Telegram and our initial comments. We will continue to monitor the activity on Telegram in the coming weeks ".

Cyber ​​security tips for Telegram users

1) Do not click random links. Do not click on links that are of unknown origin to you, especially in times of crisis and extreme circumstances. Criminals can take advantage of the situation to try to steal credentials, personal information and other personal information by sending malware or phishing links
2) Beware of suspicious requests. If a message from an unknown source makes a request or request that seems unusual or suspicious, this may be an indication that it is part of a phishing attack.
3) Think twice before sending money. Sending money to unknown sources for help can often lead to fraud. Be careful who you contact and what kind of information you are asked to provide. Social media messaging is not the right platform for big financial transactions, especially in unrecognized sources.
4) Verify your sources. Follow the news and seek the "truth" from reliable sources that you can trust.

Registration in via email

Your email for sending each new post

Follow us on Google News at Google news

Although the press releases will be from very select to rarely, I said to go ... because sometimes the authors are hiding.

Leave a reply

Your email address Will not be published.

6 + 2 =  

Previous Story

Is your child a hacker?

Next Story

Kodi 19.4 Matrix has just been released