
How Adversary Telegram Bots Help to Reveal Threats: Case Study

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

This analysis examines a phishing campaign targeting Italian and US users, focusing on credential harvesting for Microsoft services and Italy's PEC system. The attackers use Notion workspaces and other cloud platforms to host phishing pages, exfiltrating stolen data via Telegram bots. The campaign, active since 2022, employs simple techniques and off-the-shelf tools, suggesting either low technical expertise or a focus on access brokering. The study demonstrates how intercepting Telegram bot communications can aid in profiling threat actors and provides insights into the campaign's evolution, victimology, and attacker characteristics.

OPENCTI LABELS:

phishing, telegram, exfiltration, credential harvesting, notion, pec, cloud platforms


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only user credentials shown on the login page banner.

