Hackers working for Iran’s government are using Telegram in hacking operations that use malware to target dissidents, opposition groups, and journalists who oppose its regime, according to the FBI.

TechCrunch (TC) is a leading technology news and media site that covers the latest trends, startups, and innovations in the tech industry. With breaking news,  analysis, and expert commentary, TechCrunch provides  insights into the world of technology and entrepreneurship. Developers can learn about emerging technologies, funding opportunities, and market trends by following TechCrunch's coverage of the tech industry.

TechCrunch

The FBI has issued an alert warning that Iranian government hackers, linked to Iran's Ministry of Intelligence and Security (MOIS), are using Telegram bots as command-and-control infrastructure in malware attacks targeting dissidents, opposition groups, and journalists worldwide. The attack begins with social engineering — posing as known contacts or tech support — to trick victims into installing malware disguised as legitimate apps like Telegram or WhatsApp. Once infected, attackers can steal files, take screenshots, and record Zoom calls. The FBI also connected these operations to the pro-Iranian hacktivist group Handala, which recently claimed responsibility for a destructive attack on medical tech company Stryker, wiping tens of thousands of employee devices. The Justice Department has accused Handala of being a front for MOIS, and the FBI has seized websites linked to the group.

FBI says Iranian hackers are using Telegram to steal data in malware attacks

Disrupt 2026: The tech ecosystem, all in one room

Save up to $300 or 30% to TechCrunch Founder Summit