Signal

FBI warns of Iranian and Russian hackers exploiting Telegram and Signal for malware and phishing attacks

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-03-22 22:12 UTCUpdated 2026-03-23 18:35 UTC

rss

cveexploitsmalwarethreat_actorsincident_response

Source links open

Source links and full evidence are open here. Archive history, compare-over-time, alerts, exports, API, integrations, and workflow are paid.

Back Evidence (4)Get the free brief by email Start free trial

No card needed for the free brief.

Evidence trail (top sources)

top sources (4 domains)

4 top sources shown

FBI: Iranian hackers targeting opponents with Telegram malware

CyberScoop · News · cyberscoop.com · 2026-03-23 18:35 UTC

Iran-backed Handala uses Telegram for C2 to push malware, FBI says

SC Media · News · scworld.com · 2026-03-23 18:19 UTC

FBI warns of Handala hackers using Telegram in malware attacks

bleepingcomputer_all · News · bleepingcomputer.com · 2026-03-23 09:45 UTC

Russian hackers go after high-value targets through Signal

Help Net Security · News · helpnetsecurity.com · 2026-03-23 09:14 UTC

View all evidence

Overview

The FBI has issued alerts about Iranian government-linked hackers using Telegram as a command-and-control channel to deploy malware targeting dissidents, journalists, and opponents worldwide.

Score total

1.53

Momentum 24h

4

Posts

4

Origins

4

Source types

1

Duplicate ratio

0%

Why now

The FBI has escalated alerts amid heightened geopolitical tensions involving Iran and its adversaries.
Recent attacks include a hack on medical device maker Stryker, demonstrating real-world impact.
Simultaneous Russian phishing campaigns on Signal indicate a broader trend of targeting secure messaging platforms.

Why it matters

Secure messaging apps like Telegram and Signal are exploited by state-linked hackers to target dissidents, journalists, and high-value individuals.
Using messaging apps as command-and-control channels complicates detection and mitigation efforts for cybersecurity defenders.
These campaigns result in intelligence theft, data leaks, and reputational harm, impacting global security and privacy.

LLM analysis

Topic mix: lowPromo risk: lowSource quality: high

Recurring claims

Iranian hackers linked to the Ministry of Intelligence and Security use Telegram to deploy malware targeting dissidents and opponents worldwide.
Russian intelligence-linked hackers are conducting phishing campaigns on Signal targeting high-value individuals including government personnel and journalists.

How sources frame it

FBI Alert: neutral
FBI And CISA Alert: neutral

Consolidated multiple FBI alerts on Iranian and Russian state-linked hacking campaigns exploiting secure messaging apps for malware and phishing.

All evidence

All evidence

FBI: Iranian hackers targeting opponents with Telegram malware

CyberScoop · cyberscoop.com · 2026-03-23 18:35 UTC

Iran-backed Handala uses Telegram for C2 to push malware, FBI says

SC Media · scworld.com · 2026-03-23 18:19 UTC

FBI warns of Handala hackers using Telegram in malware attacks

bleepingcomputer_all · bleepingcomputer.com · 2026-03-23 09:45 UTC

Russian hackers go after high-value targets through Signal

Help Net Security · helpnetsecurity.com · 2026-03-23 09:14 UTC

Show filters & breakdown

Posts loaded: 0Publishers: 4Origin domains: 4Duplicates: -

Platform

Publisher

Origin domain

Relevance tier

Duplicates only

Showing 4 / 0

Top publishers (this list)

CyberScoop (1)
SC Media (1)
bleepingcomputer_all (1)
Help Net Security (1)

Top origin domains (this list)

cyberscoop.com (1)
scworld.com (1)
bleepingcomputer.com (1)
helpnetsecurity.com (1)