How Attackers Use Telegram for C2 Infrastructure: The New Command & Control Playbook
Telegram has evolved from a simple messaging app into a sophisticated command-and-control infrastructure for cybercriminals. With its encrypted channels, bot API capabilities, and nearly 1 billion users, threat actors are leveraging Telegram to operate malware, exfiltrate stolen data, and coordinate attacks—all while hiding behind legitimate infrastructure. This blog reveals the technical methods attackers use and how defenders can detect and mitigate Telegram-based C2 operations.
Rudra Verma, Senior Security Architect & Researcher