Ukrainian Authorities Dismantle Bot Farm Supplying 20,000 Fake Telegram Accounts to Russian Intelligence
What Happened – Ukrainian security services arrested the organizer of a “bot farm” in Zhytomyr that created and sold thousands of counterfeit Telegram accounts using Ukrainian SIM cards. The operation supplied roughly 20,000 fake profiles to Russian intelligence for disinformation and phishing campaigns.
Why It Matters for TPRM –
- Fake‑account services can be weaponised against third‑party vendors, amplifying misinformation and social‑engineering attacks.
- Organizations that rely on Telegram or similar messaging platforms may be exposed to credential‑based threats originating from such farms.
- The incident highlights the risk of third‑party infrastructure (SIM‑card providers, account‑creation services) being co‑opted for hostile state‑backed operations.
Who Is Affected – Government agencies, media organisations, NGOs, and any enterprise that uses Telegram for communications or authentication.
Recommended Actions –
- Review any reliance on Telegram for critical communications or MFA and consider alternative channels.
- Verify that employee phone numbers are not sourced from bulk‑procured SIM pools.
- Strengthen phishing awareness training, especially around unsolicited Telegram messages.
Technical Notes – The bot farm leveraged bulk‑purchased Ukrainian mobile numbers, USB‑modem hubs, and automated scripts to mass‑create accounts. No specific CVE was involved; the threat vector is a third‑party dependency on a fraudulent account‑generation service.
Source: The Record