The Iran Telegram malware campaign has once again put the spotlight on how state-backed cyber actors are adapting their tactics by blending into widely used digital platforms. In a recent alert, the Federal Bureau of Investigation (FBI) revealed that cyber actors linked to Iran’s Ministry of Intelligence and Security (MOIS) are using Telegram as a command-and-control (C2) infrastructure to deploy malware.

The campaign specifically targets Iranian dissidents, journalists, and individuals or groups perceived as opposing the Iranian government. According to the FBI, these operations have led to intelligence collection, data leaks, and reputational damage, indicating that the intent goes beyo...