The search for threat actors is a never-ending pursuit for organizations like DarkOwl, organizations that must leverage all sorts of tools to learn as much as they can about their cybersecurity enemies. They look at every possible resource as well. And right now, one of the most critical resources is the secure messaging app.
Secure messaging apps, like Telegram, have become critical intelligence vectors in the 2020s thanks to their appeal on the dark web. Threat actors appreciate secure messaging apps because of their unique combination of security and privacy. Some offer creative usability features that make them the ideal way to communicate and coordinate across the darkest corners of the internet.
4 Key Features Threat Actors Love
As an expert open-source intelligence (OSINT) provider, DarkOwl emphasizes the need to pay close attention to secure messaging apps in the pursuit of threat actors. Using Telegram as an example of the industry’s standards, there are four key features threat actors love:
- Encryption – Encrypted communication is the backbone of illicit trade and activities across the dark web. Threat actors need every opportunity to protect themselves from messages being intercepted and read.
- Group Communication – Many secure messaging apps offer the opportunity to set up large groups and entire channels. Threat actors can communicate over vast areas of the dark web to reach as many participants as they like.
- Real-Time Results – Unlike email and text messages that can suffer from delays, secure messaging apps offer near real-time results. Messages are transmitted and received instantly.
- Layered Communication – Secure messaging apps offer the ability to establish layered communications using private messages, group messages, and broad channels.
Given a choice among the full array of communication options now available online, threat actors are more likely than ever before to choose secure messaging apps. Telegram is the most used right now.
How Threat Actors Use Secure Messaging
Threat actors are doing more with secure messaging apps than conducting idle conversations about the weather and sports. They are using the apps to facilitate all sorts of illicit activity. Here are just a few examples of how they are using the apps:
1. Selling Data and Services
Telegram channels can function as secure marketplaces for selling all sorts of illicit data and services. Threat actors can purchase compromised account details, credit card numbers, malware, and even hacking tools via secure messaging apps.
2. Information Dissemination
Secure messaging apps can be used by international terrorist organizations and hacktivists alike to disseminate information. For example, well-known groups like Hamas and ISIS have used Telegram to recruit members, coordinate attacks, and spread propaganda.
Their activities are enhanced through encryption and large-member group support. It takes very little effort for a terrorist or hacktivist group to spread information far and wide.
3. Malware Distribution
What the industry refers to as advanced persistent threat (APT) actors have been known to use secure messaging apps to distribute malware. They can target healthcare, fintech, and other industries through illicit software embedded in posted files.
Advanced Tools for Better Intelligence
The encryption, anonymization, and secrecy features today’s secure messaging apps offer make penetrating them more difficult than ever before. Cybersecurity experts need advanced tools to get in, get the intelligence they want, and transform the data into actionable insights.
Making matters more challenging is the growth and scale of apps like Telegram. Threat actors have figured out how valuable such apps are, and they are latching on with incredible enthusiasm. It is up to cybersecurity experts to find a way in. Otherwise, they risk being left far behind by their nemeses.
