Iranian state-sponsored actors are using the Telegram messaging platform as a command-and-control (C2) channel to deliver malware to specific, identified targets. The article does not specify a software vulnerability, CVSS score, affected software versions, or a patch, as the threat is a targeted intrusion method rather than a product flaw. Security professionals should monitor for anomalous network traffic to Telegram infrastructure and consider blocking or inspecting such traffic in high-risk environments.
2026-03-20 (Back to Inventory) Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets Author(s): FBI Organization: FBI Open article directly Open article on Archive.org Related Articles 2026-01-08 ⋅ FBI ⋅ IC3 North Korean Kimsuky Actors Leverage Malicious QR Codes in Spearphishing Campaigns Targeting U.S. Entities 2025-06-05 ⋅ FBI ⋅ FBI Alert Number: I-060525-PSA - Home Internet Connected Devices Facilitate Criminal Activity BADBOX 2025-05-07 ⋅ FBI ⋅ FBI Cyber Criminal Services Target End-of-Life Routers to Launch Attacks and Hide Their Activities TheMoon