Submitted via IRC for TheMightyBuzzard
The accounts with Telegram, a secure messaging service based in Germany, were compromised by exploiting the fact that Telegram sends would-be users an SMS with authorization codes so that they can activate their devices.
The researchers believe the attackers have intercepted these text messages, and this allowed them to add new devices to the targets' account, and access everything in it.
This SMS interception has been performed either by compromising Iranian phone companies, or by colluding with them. The researchers believe that the latter theory is not far-fetched, as Rocket Kitten – the hacker group that they believe performed the attacks – is believed to be composed of Iranian hackers, possibly tied to the Iranian Revolutionary Guard Corps...
Rocket Kitten is known for targeting individuals, businesses and government organizations across the the Middle East, but also researchers (Iranian and European), Iranian citizens/activists, and Islamic and anti-Islamic preachers and groups, political parties and government officials.
The same group apparently also managed to misuse Telegram's API to identify 15 million Iranian phone numbers and user IDs tied with Telegram accounts earlier this year. This information can come in handy for orchestrating future attacks and help with investigations.
Source: https://www.helpnetsecurity.com/2016/08/03/compromised-telegram-accounts/
(Score: 0) by Anonymous Coward on Wednesday August 10 2016, @04:15PM
The accounts with Telegram, *a secure messaging service based in Germany, were compromised
*citation needed
I don't think that word means what you think it means.