Several popular Ukrainian news channels on Telegram were hacked over the weekend to spread “provocative messages,” Ukraine’s cyber officials said.
According to a statement by the State Service of Special Communications and Information Protection (SSSCIP), the channels were hacked through a Russia-owned service called FleepBot, used to schedule posts, automate responses and manage content.
The FleepBot hack allowed the unknown threat actor to make posts on Telegram on behalf of their owners, SSSCIP said.
“We would like to emphasize once again the danger of using any software from the aggressor country, and the need to carefully check the origin of the software before using it,” the agency added.
Some of the hacked channels on the messaging app had “hundreds of thousands and even millions of subscribers,” according to Yehor Papyshev, head of the information technology department at Ukraine’s President’s Office.
To fix the problem, Telegram channel owners should cut FleepBot access to their platforms, Papyshev said. “It is also advisable to remove and not use Telegram at all,” he added.
Ukrainian cyber officials haven’t specified how many channels were hacked, but according to media reports, the victims include Times of Ukraine news channels that have over 1.5 million followers, Real Kyiv with over 1.2 million followers and Kharkiv Live with 600,000 followers.
“While you were sleeping, the Rashists hacked our posting service,” Time of Ukraine wrote in a statement, using an epithet for Russian forces. “But the truth cannot be blocked: Russia is filth, an abomination, and an aggressor. The Times of Ukraine technical service quickly recorded everything. Do not get carried away by IPSO and ‘betrayal.’ Let’s hold on!”
Screenshot of the Times of Ukraine’s Telegram account responding to a hack that spread Russian propaganda.
FleepBot confirmed on Sunday that its service “had encountered unauthorized access.” “We understand how worrying this is and take this situation seriously,” the company said. “We will also definitely contact the authorities so that the perpetrators are punished.”
The company suspended the bot for a day while it was fixing a bug but put it back online on Monday. FleepBot assured that the cyberattack hadn’t affected user data and security tokens. The company promised to compensate all users for a week of posting, and those affected by the failure, for a full month.
According to Russian tech news site Kod Durova, which spoke with an anonymous source at FleepBot, the hack affected hundreds of Telegram channels.
Most of the channels were likely Ukrainian, but the hack also reportedly affected several Russian channels, Kod Durova wrote.
Ukrainian public broadcaster Suspilne said that at least 270 Ukrainian channels were hacked. The posts shared by hackers and seen by journalists from Suspilne contained several narratives repeatedly echoed in Russian propaganda media, including a fake story that President Volodymyr Zelensky’s wife bought a new sports car, as well as calls to “lay down arms.”
Similar incidents have happened before. In May 2022, an unknown threat actor hacked Crosser Bot to post war-related messages to more than 3,700 channels. In total, the posts got over 1.3 million views.
Telegram is widely popular in Ukraine and Russia. Its social media-like architecture allows people to publish news, film videos, or send geographic locations on the spot.
In wartime, the service has become a lifeline for many Ukrainians who use it to receive real-time alerts about Russian drone and missile strikes and their aftermath. .
Ukrainian President Volodymyr Zelensky posts his daily video addresses on Telegram, while the country’s other state agencies, including the security services and military intelligence, use the app to make public announcements and share battlefield developments. According to recent polling data, Telegram is the most popular digital news source for the majority of Ukrainians.
Such reliance on the Russia-founded app has raised concerns among local state officials and digital experts. Ukraine’s defense intelligence chief, Kyrylo Budanov, called Telegram “a problem for national security.”
The Ukrainian Centre for Strategic Communication and Information Security advised Ukrainian users to switch to Viber or WhatsApp, saying: “Your data will definitely be safer there.” The agency called the latest Telegram blockings “another confirmation of the unreliability of the platform.”
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Daryna Antoniuk
is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.