If you're in the cybersecurity space, you know there is always activity on the dark web. What is different now, though, is that it no longer happens only in hidden forums or onion sites as it once may have - it has moved heavily to Telegram. Yes, the app you use to share memes and chat with your friends is now the vibrant environment that hackers, data dealers, and threat actors in general are using.
Odd, right? It may sound like an insane claim, but the reason is that Telegram, with its encrypted chats and huge user base, has been used as a "legitimate" space for cybercriminals to leak information, talk hacks, and sell stolen data in plain sight. The good news is that some security teams are vigilant enough to monitor certain Telegram groups that reside in this grey area of the dark web. Let's discuss a few of the Telegram groups that should be monitored, and why they are relevant.
1. Dark Monitor
Dark Monitor serves as an early warning siren for those working in cybersecurity, consistently posting new vulnerabilities, leaked databases, ransomware victims, and more. If you'd like to see trouble before it hits the headlines, this is the one to follow.
2. Data Leak Monitor
Think of it as your data leak radar. Whenever there is a data leak, it captures what was exposed - compromised emails, stolen databases, sensitive corporate files, anything you can think of. Data Leak Monitor posts new instances of data leaks each time someone notifies it about one. It is worth following if you care about preventing the exposure of customer or employee data.
3. Daily Dark Web
If you'd like your updates in bite-size form and have grown tired of endless scrolling, Daily Dark Web summarizes some of the most significant cyber incidents by hacker groups on Telegram and other dark web sites. It serves as a nice middle ground for staying informed without the information overload.
4. Ransomlook
This group focuses on just one thing - ransomware. It summarizes new victims and ransom notes, and links to some of the leaked files provided by different ransomware gangs. Monitoring a group like this helps your team be prepared when a company you work for (or with) is in trouble.
Tracking these groups is not about probing but about detecting early. You will see the trend before it hits the mass media, meaning you can act more quickly.
Why Cybersecurity Teams Should Care
So why even bother with Telegram when you are already getting alerts from those fancy threat intelligence platforms?
Because that's where the leaks tend to start. Almost always, before a leak is posted on large breach forums, a teaser or mention of it will appear there first.
Telegram groups also reveal more about hacker behavior, including language, tools, and industry focus. If you've ever wondered why certain ransomware groups have hit similar industry sectors at the same time - it's often Telegram chatter that explains it.