Hackers Use Telegram, Signal, Dark Web to Help Iranian Protesters

Protesters against the Iran regime are getting a boost to aid their efforts from hacking groups who are using Telegram, Signal and the dark web to get around government restrictions.

“Key activities are data leaking and selling, including officials’ phone numbers and emails, and maps of sensitive locations. CPR sees the sharing of open VPN servers to bypass censorship and reports on the internet status in Iran, as well as the hacking of conversations and guides,” according to a blog post by Check Point Research (CPR), which shared five examples of the counterprotesters’ activities.

Telegram groups, the researchers said, include between 900 to 1,200 members, some of which offer a list of proxies and a VPN to maneuver around Iranian government censorship while another group helps protesters gain access to social media.

CPR noted the activities the day after protests began following the death of Mahsa Amini. “Specifically, hacker groups are allowing people in Iran to communicate with each other, share news and what is going on in different places, which is what the government is trying to avoid, to lower the flames,” CPR said. “As per usual with these uprisings, there are some hacking groups that are trying to make a profit from the situation and to sell information from Iran and the regime.”

Researchers specifically called out the Official Atlas Intelligence Group channel, a group with 900 members that uses Telegram to leak and sell data. They are “focusing on leaking data that can help against the regime in Iran, including officials’ phone numbers and emails and maps of sensitive locations,” PCR said, as well as “upsell” private information on the Iranian Revolutionary Guard Corp (RGC). They are also offering a list of proxies to help protesters bypass censorship in Iran.

The 5,000-strong Arvin group is also using the messaging platform to leak and sell data. Its focus is “on news from the protests in Iran, reports and videos from the streets where the protests are in Iran,” CPR said. They also provide Open VPN services and report on internet status in the country.

Red Blue is another group with 4,000 members and is also using Telegram to hack…