One of the largest attacks that have been observed recently was that which occurred on social media platform Telegram which is used as a messaging app where there was access and exposure of more than fifteen million Iranian subscribers.
Telegram features
The breech of the platform which uses end-to-end encryption was favored by the users who were privacy and security conscious led to sparking of fears that there may have been a case of sensitive communications within the country being compromised. According to the researchers, there are chances that third parties would have intercepted the 2-step verification message sent form the app and the details used in remote setting up of the accounts. Therefore, such an occurrence makes the users of the platform vulnerable.
Telegram usage
Telegram has been said to have been highly affiliated with people from the Islamic States with it being determined to give protection to its users from censorship which is politically motivated however they claim that they would not be tolerant to extremism. This came up as a result of it being discovered that ISIS members were taking advantage of the security of the platform in spreading out of their propaganda claiming that if it was found that critiquing a government was an illegal act then the application would not be used as part of the process in motivation of censorship of the sort since it did not go along with the principles of the founder.
With the attack being carried out in Iran, an Islamic State, it can be said to be driven towards exposure of activities they carry out with it being used mainly in Islamic states and being associated with ISIS which is claimed to be an Islam group.
Telegram blocking
There is proof that there have been attempts made by Telegram to block mapping of its users in different countries and there being countermeasures set up to prevent the occurrence and prevalence of such attacks. Telegram being based on phone contacts primarily makes it easy to identify whether a party is on the platform through logging in to the application and checking against contacts. This similarly is the case to related messaging applications such as Messenger and WhatsApp. The attack remains unclear whether it originated from Iranian authorities of from Rocket Kitten, a Persian language group which makes use of similar spear phishing attacks on its targets.
The cyber kill chain approach follows steps of: Identification and reconnaissance, the initial attack being posed, commanding and controlling of the taken over system, discovery and spreading, and the final stage being infiltration and extraction of information.
This strategy was seemingly used in the hacking attack where Telegram was identified due to it being used by the Islamist States after which the Iranian government made attempts to take over the application by asking for a backdoor into the application so that they could have gained information and control. The application was later compromised with a dozen accounts being exposed and millions more being at further risk with this correlating to information extraction.