Telegram Become the Platform of Choice for Cybercriminals in Southeast Asia?

Cybercrime in Southeast Asia continues to show an upward trend alongside the rapid advancement of communication technologies, with encrypted applications such as Telegram becoming one of the primary platforms used by criminal syndicates to operate. A recent United Nations (UN) report highlights how the platform is being utilized for various illicit activities, including the trade of deepfake software and data-stealing malware, financial fraud, and money laundering.

With features such as user anonymity, encryption, and the ability to facilitate large-scale communications, Telegram provides an environment that is difficult for authorities to monitor, making it particularly attractive to transnational criminal networks. This article explores how Telegram is being exploited by cybercriminals, the countermeasures recommended by the United Nations (UN), and the challenges involved in combating this growing threat.

Telegram and Its Popularity in Southeast Asia

Telegram has become one of the most popular communication platforms in Southeast Asia. One of the main reasons is its ability to provide high-quality services that are free and easy to use. With end-to-end encryption features and stronger security measures compared to many other applications, Telegram offers enhanced privacy for its users. Interestingly, users only need to provide a phone number to create an account, without having to share extensive personal information. This makes it an attractive option for individuals who prioritize anonymity, whether for security reasons or for purposes that are not always legitimate.

In addition, Telegram’s flexibility, which allows users to access their accounts across multiple devices simultaneously, further contributes to its appeal in the region. In Southeast Asia, Telegram is used not only for personal communication but also as a platform for large-scale information sharing through public groups and channels. The channel feature enables a single individual to distribute content to thousands of users within a short period, making it an efficient communication tool with a broad reach.

Unfortunately, these features are also frequently abused by cybercriminals to distribute illegal content, such as stolen data, phishing links, and organized hacking activities. Telegram’s popularity in the region highlights two contrasting realities: on one hand, it serves as an effective communication platform; on the other, it can become a space vulnerable to illegal activities.

Read: Preventing Data Sales on the Dark Web: Effective Protection Measures

United Nations Report: Telegram as a Tool for Cybercrime

According to Tempo.co, the United Nations Office on Drugs and Crime (UNODC) released a report on October 7, 2024, revealing that criminal networks in Southeast Asia are using Telegram to conduct organized cybercrime activities. Benedikt Hofmann, UNODC Deputy Regional Representative for Southeast Asia and the Pacific, stated that Telegram offers ease of navigation for criminals due to the limited moderation within its communication channels.

As a result, various illegal activities, including the trade of hacked data such as credit card information, passwords, and browser histories, are taking place openly on the platform. In addition, cybercrime tools such as data-stealing malware, deepfake technology, and money laundering services through unlicensed cryptocurrency exchanges are widely advertised and sold. The report also found that cybercrime has grown rapidly across Southeast Asia, with the industry estimated to generate between US$27.4 billion and US$36.5 billion annually.

One notable finding was the presence of Chinese-language advertisements claiming to facilitate daily money laundering transactions worth millions of dollars. Many of the criminal syndicates involved originate from China and operate from concealed locations. These groups continue to innovate by integrating advanced technologies such as malware, artificial intelligence (AI), and deepfake tools into their operations. With Telegram’s privacy-focused features and limited oversight, the platform has become a strategic tool that supports transnational cybercrime and contributes to Southeast Asia’s emergence as a global hub for digital crime.

Telegram Features That Attract Cybercriminals

Telegram has become a preferred platform for cybercriminals due to several features that support privacy and operational convenience. With a design focused on security and flexibility, the application provides an environment that is difficult for authorities to monitor. This is one of the reasons why Telegram is often favored over other communication platforms. The following are some of the key Telegram features frequently exploited by cybercriminals:

End-to-End Encryption

One of Telegram’s most notable features is end-to-end encryption, which ensures that messages can only be read by the sender and recipient. This feature provides a high level of privacy and makes conversations difficult for third parties, including law enforcement agencies, to access. As a result, illegal activities such as planning criminal operations, trading stolen data, or coordinating criminal networks can take place with reduced risk of detection.

Identity Anonymity

Telegram allows users to register an account using only a phone number, without requiring official identity verification. This makes it easy for cybercriminals to create anonymous accounts within seconds. Such anonymity provides a significant advantage for criminal syndicates, as their real identities can remain concealed even when illegal activities are conducted on a large scale.

Large Channels and Groups

Telegram’s channel and group features enable efficient mass communication, with capacities reaching hundreds of thousands of members. Criminal networks exploit these features to distribute information, advertise services, or recruit members. For example, stolen data, malicious software, and money laundering services may be openly promoted through channels that receive limited moderation.

Automated Bots

Telegram also offers automated bot functionality that can be programmed for various purposes, including cybercriminal activities. These bots are often used to distribute phishing messages on a large scale, spread malware, or operate automated fraud schemes designed to steal user data. With bots, illegal operations can be carried out more quickly and systematically with minimal direct human involvement.

With this combination of features, Telegram provides an environment that allows cybercriminals to conduct their activities efficiently, securely, and with a lower risk of detection. As a result, the platform has become a preferred tool in various criminal operations across Southeast Asia and other regions.

Comparison Between Telegram and Other Platforms

Telegram is often compared to other popular messaging applications such as WhatsApp, Signal, and Facebook Messenger, particularly in terms of security and privacy. One of the key differences lies in the implementation of end-to-end encryption. WhatsApp and Signal enable end-to-end encryption by default for all conversations, ensuring that only the sender and recipient can read the messages. In contrast, Telegram only provides end-to-end encryption through its Secret Chat feature, which must be manually activated by users. Standard Telegram conversations use server-to-client encryption, offering greater flexibility but also creating potential security concerns.

This flexibility can make Telegram more appealing to cybercriminals, as they can choose communication methods that suit their needs. In terms of oversight, Facebook Messenger has a notable limitation because conversations are not automatically end-to-end encrypted, making them more accessible to third parties such as law enforcement agencies or service providers. WhatsApp offers stronger security through end-to-end encryption, although its registration process, which requires phone number verification, makes anonymity more difficult to maintain.

Signal is widely regarded as the most secure option due to its strict privacy policies and minimal collection of user metadata. However, Signal lacks some of the features available on Telegram, such as large channels and automated bots. Telegram stands out for its ability to support mass communication through large groups and channels, while also making it easier for users to remain anonymous. Unfortunately, this flexibility and relatively limited oversight can also be exploited by criminal networks to conduct illegal activities more freely than on other platforms.

Examples of Cybercrime Cases in Southeast Asia

In Indonesia, cyberattacks targeting Micro, Small, and Medium Enterprises (MSMEs) have increased significantly. According to a report by Trend Micro, more than 5 million web-based attacks targeting this sector were recorded in the first half of 2022. Cybercriminals frequently steal sensitive information such as passwords and personal data, which are then used for online fraud or identity theft.

In addition, in June 2024, a ransomware attack targeted Indonesia’s national data center. The attack disrupted public services, including immigration checks at airports, and the attackers demanded a ransom of US$8 million. This incident highlighted serious security vulnerabilities within the country’s government digital infrastructure. In Thailand, criminal networks have used digital platforms to facilitate activities such as online fraud and human trafficking. During the pandemic, Interpol found that these groups had evolved into global-scale criminal networks, generating up to US$3 trillion annually from various illegal activities.

Meanwhile, cyberattacks targeting the financial sector continue to rise in the Philippines. Attackers use sophisticated malware to steal banking information and conduct financial fraud. According to a UNODC report, cybercrime syndicates in Southeast Asia are becoming increasingly sophisticated by leveraging technologies such as artificial intelligence (AI) and cryptocurrencies to expand their operations, resulting in substantial financial losses across the region. These cases demonstrate how communication platforms have evolved into effective tools for transnational criminal activities in Southeast Asia, creating significant challenges for governments and law enforcement agencies.

United Nations Response Measures and Recommendations

The United Nations has issued a number of recommendations to address the misuse of encrypted communication platforms that are frequently exploited for cybercrime activities. One of the key initiatives is the launch of the United Nations Global Principles for Information Integrity, which encourages governments, technology companies, and other stakeholders to work together in combating disinformation and illegal content in the digital space. This initiative aims to create a safe and trustworthy digital environment while continuing to respect human rights, including freedom of expression.

These efforts also include strengthening privacy policies and increasing the transparency of communication platforms in moderating content that may be misused. In Southeast Asia, several governments have taken concrete steps to improve cybersecurity oversight. The ASEAN Regional Forum (ARF), for example, encourages its member states to adopt cybersecurity legislation that aligns with international standards, including United Nations General Assembly Resolution 55/63.

In addition, the ARF emphasizes the importance of regional collaboration through the establishment of Computer Security Incident Response Teams (CSIRTs), which help accelerate the sharing of information regarding cyber threats. However, implementing these policies remains challenging due to infrastructure limitations, capacity gaps among countries, and shortages of skilled cybersecurity professionals. Furthermore, relatively low levels of digital literacy in some Southeast Asian countries continue to hinder the effectiveness of cybersecurity threat mitigation efforts.

Read: Hackers vs. Handcuffs: Inside the Global Cybercrime Crackdown

Conclusion

The misuse of encrypted communication platforms such as Telegram for cybercrime activities in Southeast Asia has become a serious concern, as highlighted in United Nations reports. Although the United Nations has recommended measures such as the Global Principles for Information Integrity, implementation at the regional level continues to face significant challenges. Through forums such as the ASEAN Regional Forum (ARF), Southeast Asian countries have taken steps to strengthen oversight by developing cybersecurity policy frameworks and enhancing cross-border cooperation.

However, infrastructure limitations, differences in capabilities among countries, and low levels of digital literacy and cybersecurity expertise remain major obstacles to effectively combating these threats. As a result, stronger collaboration and continued capacity-building efforts are still needed to create a safer digital ecosystem across the region.