Re: Who is using Telegram?

ICSI · ‎2023-12-04

As of 2023, Telegram, the messaging app, has reached significant milestones in terms of its user base:

Total Users: Telegram has an estimated 1.068 billion total users.
Monthly Active Users: The app has around 700 million monthly active users. This figure has been consistently reported across various sources, indicating a substantial and active user community.
Daily Active Users: On a daily basis, about 55.2 million users actively use the app. This level of daily engagement highlights the app's importance in the daily communication habits of a large number of people worldwide.
User Engagement: The average Telegram user spends about 2.9 to 3 hours per month on the application, demonstrating a significant level of engagement with the platform.

These statistics position Telegram as one of the top messaging apps globally, following major platforms like WhatsApp, WeChat, and Facebook Messenger. The app's popularity is attributed to features like robust privacy, a wide range of channels for various purposes, and a user-friendly interface.

but today I saw this on my Check Point Spark 1570 logs: I wonder if this is a normal behavior of the app, like when watching stuff or is the Russian APT getting a hold of every user in the world.

See something, say something!

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!

PhoneBoy · ‎2023-12-04

The other option is: it could be a false positive.
That possibility would have to be checked via TAC: https://help.checkpoint.com

ANANTADSULE · ‎2023-12-06

Hello Sir,

But what if false positive reaches 99% of entire detection.

ICSI · ‎2023-12-06

So many questions to your comment about 99% of command injections. One thing is that if they are coming from the outside, it might be time to replace that IP address. I have a customer who used to have a ZyXel firewall, and I replaced with a Spark one, now I am receiving tons of ZyXel vulnerability scans and the next step would be to replace the public IP address to decrease the risk of a breach and increase the performance of the internet service.

Regards,

Oscar Catana
https://ipthub.com

Cyber Sec Passionate!

the_rock · ‎2023-12-07

Thats why we suggested open TAC case and they can confirm for sure.

Andy

ANANTADSULE · ‎2023-12-07

I already replied.

TAC replied me after 5 months of research.some of quotes from TAC below.

"This indicates that the functionality of IPS inspection works as expected."

"This protection is specifically for internal servers"

Interesting thing is the command injection signature is detecting checkpoint's support chat service as a web command injection.

ANANTADSULE · ‎2023-12-06

Hello ICSI,

Nothing is special in these detection as TAC replied me after 5 months of research.some of quotes from TAC below.

"This indicates that the functionality of IPS inspection works as expected."

"This protection is specifically for internal servers"

Interesting thing is the command injection signature is detecting checkpoint's support chat service as a web command injection.

the_rock · ‎2023-12-06

Could be false positive as Phoneboy said, TAC would be best to confirm for sure.

Andy

G_W_Albrecht · ‎2023-12-20

Telegram is well know for the criminal activities it is used for, but i simply do not know anyone using it... Maybe because it is very unsafe, it only pretends to be safe...

CCSE CCTE CCSM SMB Specialist

the_rock · ‎2023-12-20

Well, that can be lots of apps really, but as long as connection is encrypted, thats what counts.

Andy

Are you a member of CheckMates?

Who is using Telegram?