Website
api.telegram.org
Tags
C&C, Exfiltration
Phishing
None
Command and Control
Attackers are increasingly using Telegram as a C&C server. Check Point reported that a Remote Access Trojan, ToxicEye, used Telegram for C&C. An additional benefit of using Telegram as a C&C server is that it lets attackers access infected machines from their mobile devices.
Exfiltration
Data can be exfiltrated to Telegram by sending it as a private message to a bot controlled by the attacker. This was demonstrated by Security Boulevard.
Download
None
Service Provider
Telegram
Sample
Created: 2021-11-12
Last Update: 2021-11-12
Credits: @abosalahps, @_FirehaK