The FBI has issued an alert warning that Iranian government hackers, linked to Iran's Ministry of Intelligence and Security (MOIS), are using Telegram bots as command-and-control infrastructure in malware attacks targeting dissidents, opposition groups, and journalists worldwide. The attack begins with social engineering — posing as known contacts or tech support — to trick victims into installing malware disguised as legitimate apps like Telegram or WhatsApp. Once infected, attackers can steal files, take screenshots, and record Zoom calls. The FBI also connected these operations to the pro-Iranian hacktivist group Handala, which recently claimed responsibility for a destructive attack on medical tech company Stryker, wiping tens of thousands of employee devices. The Justice Department has accused Handala of being a front for MOIS, and the FBI has seized websites linked to the group.