Popular Ukrainian Telegram channels hacked to spread Russian propaganda

Avatar

Several popular Ukrainian news channels on Telegram were hacked over the weekend to spread “provocative messages,” Ukraine’s cyber officials said.

According to a statement by the State Service of Special Communications and Information Protection (SSSCIP), the channels were hacked through a Russia-owned service called FleepBot, used to schedule posts, automate responses and manage content.

The FleepBot hack allowed the unknown threat actor to make posts on Telegram on behalf of their owners, SSSCIP said.

“We would like to emphasize once again the danger of using any software from the aggressor country, and the need to carefully check the origin of the software before using it,” the agency added.

Some of the hacked channels on the messaging app had “hundreds of thousands and even millions of subscribers,” according to Yehor Papyshev, head of the information technology department at Ukraine’s President’s Office.

To fix the problem, Telegram channel owners should cut FleepBot access to their platforms, Papyshev said. “It is also advisable to remove and not use Telegram at all,” he added.

Ukrainian cyber officials haven’t specified how many channels were hacked, but according to media reports, the victims include Times of Ukraine news channels that have over 1.5 million followers, Real Kyiv with over 1.2 million followers and Kharkiv Live with 600,000 followers.

“While you were sleeping, the Rashists hacked our posting service,” Time of Ukraine wrote in a statement, using an epithet for Russian forces. “But the truth cannot be blocked: Russia is filth, an abomination, and an aggressor. The Times of Ukraine technical service quickly recorded everything. Do not get carried away by IPSO and ‘betrayal.’ Let’s hold on!”

Screenshot of the Times of Ukraine’s Telegram account responding to a hack that spread Russian propaganda.

FleepBot confirmed on Sunday that its service “had encountered unauthorized access.” “We understand how worrying this is and take this situation seriously,” the company said. “We will also definitely contact the authorities so that the perpetrators are punished.”

The company suspended the bot for a day while it was fixing a bug but put it back online on Monday. FleepBot assured that the cyberattack hadn’t affected user data and security tokens. The company promised to compensate all users for a week of posting, and those affected by the failure, for a full month.

According to Russian tech news site Kod Durova, which spoke with an anonymous source at FleepBot, the hack affected hundreds of Telegram channels. 

Most of the channels were likely Ukrainian, but the hack also reportedly affected several Russian channels, Kod Durova wrote.

Ukrainian public broadcaster Suspilne said that at least 270 Ukrainian channels were hacked. The posts shared by hackers and seen by journalists from Suspilne contained several narratives repeatedly echoed in Russian propaganda media, including a fake story that President Volodymyr Zelensky’s wife bought a new sports car, as well as calls to “lay down arms.”

Similar incidents have happened before. In May 2022, an unknown threat actor hacked Crosser Bot to post war-related messages to more than 3,700 channels. In total, the posts got over 1.3 million views.

Telegram is widely popular in Ukraine and Russia. Its social media-like architecture allows people to publish news, film videos, or send geographic locations on the spot.

In wartime, the service has become a lifeline for many Ukrainians who use it to receive real-time alerts about Russian drone and missile strikes and their aftermath. .

Ukrainian President Volodymyr Zelensky posts his daily video addresses on Telegram, while the country’s other state agencies, including the security services and military intelligence, use the app to make public announcements and share battlefield developments. According to recent polling data, Telegram is the most popular digital news source for the majority of Ukrainians.

Such reliance on the Russia-founded app has raised concerns among local state officials and digital experts. Ukraine’s defense intelligence chief, Kyrylo Budanov, called Telegram “a problem for national security.” 

The Ukrainian Centre for Strategic Communication and Information Security advised Ukrainian users to switch to Viber or WhatsApp, saying: “Your data will definitely be safer there.” The agency called the latest Telegram blockings “another confirmation of the unreliability of the platform.”

Nation-stateNewsTechnology
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Daryna Antoniuk

is a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.

 

Total
0
Shares
Previous Post

NCA infiltrates DDoS-for-hire site as suspected controller arrested in Northern Ireland

Next Post

Los Angeles County court system slated to reopen Tuesday after ransomware attack

Related Posts

Google Warns of Actively Exploited CVE-2024-43093 Vulnerability in Android System

Google has warned that a security flaw impacting its Android operating system has come under active exploitation in the wild. The vulnerability, tracked as CVE-2024-43093, has been described as a privilege escalation flaw in the Android Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories and its sub-directories,
Avatar
Read More

Comprehensive Guide to Building a Strong Browser Security Program

The rise of SaaS and cloud-based work environments has fundamentally altered the cyber risk landscape. With more than 90% of organizational network traffic flowing through browsers and web applications, companies are facing new and serious cybersecurity threats. These include phishing attacks, data leakage, and malicious extensions. As a result, the browser also becomes a vulnerability that
Avatar
Read More