FBI says Iranian hackers are using Telegram to steal data in malware attacks
Summary: Iranian government hackers use Telegram, posing as known contacts or tech support, to trick targets into clicking malicious links and installing malware. Through Telegram bots they remotely control victims' devices, stealing files, taking screenshots, and recording Zoom calls. The FBI warns that these attacks are orchestrated by Iranian intelligence to advance its geopolitical agenda, and mentions links to the fake hacktivist group Handala and to Homeland Justice.

2026-3-23 15:33:27 Author: techcrunch.com


Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the regime around the world, according to an FBI alert published on Friday.  

In the first stage of the attack, the hackers contact their targets while pretending to be a known contact or tech support, and the targets are tricked into accepting a link to a malicious file masquerading as a legitimate app, such as Telegram and WhatsApp. Once the target installs the malware, the second stage of the attack connects the infected victim with Telegram bots that allow the hackers to remotely command and control the victim’s computer. This allows the hackers to gain remote control of the victims’ devices to steal files, take screenshots, and record Zoom calls, according to the FBI.

Using Telegram to remotely control a victim’s device is a common technique hackers use to hide malicious activity among legitimate network traffic, which makes that activity harder for cybersecurity defenders and anti-malware products to identify.
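One way defenders can pull that activity back out of the noise, shown as an added example that is not from the FBI alert or the original article: attribute each lookup of the Telegram Bot API hostname (`api.telegram.org`) to the process that made it and surface any process that is not expected to drive a bot. The log format, host names, file paths and the allow-listed `alertbot.exe` are constructed assumptions.

```python
import csv
import io
from collections import Counter

# Telegram's public Bot API is served over HTTPS from this hostname.
BOT_API_HOST = "api.telegram.org"

# Assumption: the only program on this network expected to call the Bot API
# (a hypothetical internal alerting tool). Paths are compared lower-cased.
EXPECTED_IMAGES = {r"c:\ops\alertbot\alertbot.exe"}

# Constructed sample telemetry: timestamp, host, process image, DNS query name.
SAMPLE_LOG = r"""
2026-03-20T09:00:01Z,WS-014,C:\Program Files\Google\Chrome\Application\chrome.exe,web.telegram.org
2026-03-20T09:02:10Z,WS-014,C:\Users\dana\AppData\Local\Temp\WhatsAppUpdate.exe,api.telegram.org
2026-03-20T09:03:10Z,WS-014,C:\Users\dana\AppData\Local\Temp\WhatsAppUpdate.exe,API.TELEGRAM.ORG.
2026-03-20T09:04:10Z,WS-014,C:\Users\dana\AppData\Local\Temp\WhatsAppUpdate.exe,api.telegram.org
2026-03-20T09:05:00Z,OPS-01,C:\ops\alertbot\alertbot.exe,api.telegram.org
2026-03-20T09:06:30Z,WS-022,C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe,api.telegram.org
this line is malformed and is skipped
"""


def suspect_bot_api_clients(log_text, expected=EXPECTED_IMAGES):
    """Return (host, image, lookups) for unexpected Bot API callers, busiest first."""
    hits = Counter()
    for row in csv.reader(io.StringIO(log_text.strip())):
        if len(row) != 4:
            continue  # not a telemetry record
        _ts, host, image, qname = (field.strip() for field in row)
        # Normalise case and the optional trailing dot of a fully qualified name.
        if qname.lower().rstrip(".") != BOT_API_HOST:
            continue  # ordinary Telegram web/client traffic is not the signal here
        if image.lower() in expected:
            continue  # known, approved automation
        hits[(host, image)] += 1
    rows = [(host, image, n) for (host, image), n in hits.items()]
    return sorted(rows, key=lambda r: (-r[2], r[0], r[1]))


if __name__ == "__main__":
    for host, image, n in suspect_bot_api_clients(SAMPLE_LOG):
        print(f"{host}: {image} looked up {BOT_API_HOST} {n} time(s)")
```

A hit is a lead for triage, not a verdict: legitimate scripts also use the Bot API, so the allow-list has to reflect what a given environment actually runs.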

According to the FBI, the hackers responsible for these attacks are allegedly working for Iran’s Ministry of Intelligence and Security (MOIS). The FBI said these attacks are an example of Iranian government hackers’ attempts to push the regime’s “geopolitical agenda.”


In the alert, the FBI mentioned the pro-Iranian and pro-Palestine fake hacktivist group Handala, although it’s not clear if the attacks referenced in the alert were carried out by this group. 

Earlier this month, Handala claimed responsibility for an attack on medical tech giant Stryker, which resulted in the wiping of tens of thousands of employee devices.

In an 8-K filing with the U.S. Securities and Exchange Commission on Monday, Stryker said it is still recovering from the hack.


Last week, the U.S. Justice Department accused Handala of being a front for Iran’s government, specifically the MOIS, and of being behind the Stryker hack. At the same time, the FBI took down and seized two websites linked to Handala, and two other sites linked to another Iranian hacktivist group called “Homeland Justice.” In the recent FBI alert, the bureau said the two groups are linked and controlled by the MOIS.

An FBI spokesperson said in an email that the bureau “has nothing additional to add.”

Telegram did not respond to a request for comment.

Updated to include FBI’s response.

Lorenzo Franceschi-Bicchierai is a Senior Writer at TechCrunch, where he covers hacking, cybersecurity, surveillance, and privacy.



Source: https://techcrunch.com/2026/03/23/fbi-says-iranian-hackers-are-using-telegram-to-steal-data-in-malware-attacks/