Government of Iran Cyber Actors Deploy Telegram C2 to Push Malware to Identified Targets

Other | 03/20/2026

The Federal Bureau of Investigation (FBI) is releasing this FLASH to disseminate information on malicious cyber activity conducted by actors on behalf of the Government of Iran Ministry of Intelligence and Security (MOIS). Specifically, MOIS cyber actors are responsible for using Telegram as a command-and-control (C2) infrastructure to push malware targeting Iranian dissidents, journalists opposed to Iran, and other opposition groups around the world. This malware resulted in intelligence collection, data leaks, and reputational harm against the targeted parties. The FBI is releasing this information to maximize awareness of malicious Iranian cyber activity and provide mitigation strategies to reduce the risk of compromise.

To read more, please log in

Related Content

This site is operated by NetDiligence®. Links found within this site may open a new browser window and take you outside the Sompo International's Cyber Risk Portal to another website, the contents of which are maintained by third parties over whom NetDiligence and Sompo International have no control. We provide links to these external sites for your convenience and awareness. We accept no responsibility for the content of linked sites. Upon request of the content source, we will remove links.
Privacy Policy | Terms of Use