Flashpoint told Bleeping Computer that Telegram became a primary platform for cybercriminal, hacktivist, and influence activity after Russia invaded Ukraine.

Why did hacktivists and cybercriminals shift to Telegram after the invasion?

Telegram surged because its minimal moderation and encrypted channels enabled rapid coordination, fundraising scams, and unverified war reporting.

How are cybercriminals and hacktivist groups using Telegram during the war?

Groups use Telegram to coordinate DDoS attacks, expose personal data, solicit fraudulent cryptocurrency donations, and spread propaganda or disinformation.

How does Flashpoint track Telegram-based cyber activity during conflicts?

Flashpoint intelligence monitors Telegram channels, user growth, language cues, and illicit narratives to identify cyber threats and influence operations. Learn more in Flashpoint’s analysis of Telegram intelligence during the Ukraine-Russia war.