News

FBI Warns of Handala Hackers Using Telegram in Malware Attacks

  • securityboulevard.com
  • published date: 2026-03-23 00:00:00 UTC


<h2><b>What happened</b></h2>
<p class="p3">The <span class="s2">FBI</span> issued a warning that Iran-linked hackers tied to the country’s <span class="s2">Ministry of Intelligence and Security (MOIS)</span> are using <span class="s2">Telegram</span> as command-and-control infrastructure in malware campaigns. The activity has been attributed to the <span class="s2">Handala</span> hacktivist group and related state-linked actors, who are targeting journalists, dissidents, and opposition groups worldwide. According to the alert, attackers rely on social engineering to infect victims with <span class="s2">Windows-based malware</span>, which is then used to exfiltrate files and screenshots from compromised systems. The FBI said the campaigns are part of broader “hack-and-leak” operations aimed at intelligence collection and reputational damage amid heightened geopolitical tensions.</p>
<h2><b>Who is affected</b></h2>
<p class="p3">Journalists, political dissidents, and individuals critical of the Iranian government are primarily affected, along with organizations and individuals globally who may be targeted through similar malware delivery tactics.</p>
<h2><b>Why CISOs should care</b></h2>
<p class="p3">The campaign shows how attackers are increasingly leveraging widely used messaging platforms like Telegram as covert infrastructure for malware operations, blending social engineering with command-and-control activity.</p>
<h2><b>3 practical actions</b></h2>
<ol>
<li class="p3"><span class="s2"><b>Monitor messaging platforms for abuse.</b></span> Watch for suspicious links, files, or communications originating from Telegram-based channels.</li>
<li class="p3"><span class="s2"><b>Harden defenses against social engineering.</b></span> The attacks rely on tricking users into executing malware rather than exploiting software flaws.</li>
<li class="p3"><span class="s2"><b>Detect data exfiltration behavior.</b></span> Monitor for unusual file transfers or screenshot capture activity on endpoints.</li>
</ol>
<p class="p3"><i>For more coverage of large-scale incidents and threat activity, explore our reporting on </i><a href="https://cisowhisperer.com/tag/cyberattack/"><span class="s2"><b><i>Cyberattacks</i></b></span></a><i>.</i></p>
<p>The post <a rel="nofollow" href="https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/">FBI Warns of Handala Hackers Using Telegram in Malware Attacks</a> appeared first on <a rel="nofollow" href="https://cisowhisperer.com/">CISO Whisperer</a>.</p>
<p class="syndicated-attribution">*** This is a Security Bloggers Network syndicated blog from <a href="https://cisowhisperer.com">CISO Whisperer</a> authored by <a href="https://securityboulevard.com/author/0/" title="Read other posts by Evan Rowe">Evan Rowe</a>. Read the original post at: <a href="https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks">https://cisowhisperer.com/fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks/?utm_source=rss&amp;utm_medium=rss&amp;utm_campaign=fbi-warns-of-handala-hackers-using-telegram-in-malware-attacks</a> </p>