{"id":56899,"date":"2024-08-22T14:26:58","date_gmt":"2024-08-22T14:26:58","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/36246\/Hackers-Leak-Their-Own-Operations-Through-Exposed-Telegram-Bot-API-Tokens.html"},"modified":"2024-08-22T14:26:58","modified_gmt":"2024-08-22T14:26:58","slug":"hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/","title":{"rendered":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_446367653_Editorial_Use_Only.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>A pair of cybercriminals inadvertently leaked a \u201ctreasure trove\u201d of information on their own operations due to exposure of Telegram Bot API tokens used by the hackers to exfiltrate victim data, <a href=\"https:\/\/research.checkpoint.com\/2024\/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove\/\" data-type=\"link\" data-id=\"https:\/\/research.checkpoint.com\/2024\/unmasking-styx-stealer-how-a-hackers-slip-led-to-an-intelligence-treasure-trove\/\" target=\"_blank\" rel=\"noreferrer noopener\">Check Point researchers revealed last week<\/a>.<\/p>\n<p>The discovery of a <a href=\"https:\/\/www.scmagazine.com\/brief\/telegram-derided-for-lacking-security\" target=\"_blank\" rel=\"noreferrer noopener\">Telegram<\/a> bot token in the configuration file of a malware sample that came from one of Check Point\u2019s customers led the researchers down a rabbit hole that ultimately exposed the operators of the Styx Stealer malware-as-a-service (MaaS) and the Agent Tesla malware campaign.<\/p>\n<p>The threat actors both used Telegram\u2019s infrastructure via the Telegram Bot API to exfiltrate data stolen from victims, a stealthier method than utilizing their own infrastructure. However, this method left the Telegram bot token behind in the malware files, which Check Point was able to decrypt and use to access information from the bot associated with the Agent Tesla campaign.<\/p>\n<p>While monitoring the Agent Tesla bot, called joemmBot, the researchers noticed an unusual archive that differed from reports typically uploaded by the Agent Tesla threat actor, which contained information pertaining to the infostealer called Styx Stealer.<\/p>\n<p>Styx Stealer is an infostealer based on <a href=\"https:\/\/www.scmagazine.com\/brief\/novel-infostealer-spread-via-windows-defender-smartscreen-flaw\" data-type=\"link\" data-id=\"https:\/\/www.scmagazine.com\/brief\/novel-infostealer-spread-via-windows-defender-smartscreen-flaw\" target=\"_blank\" rel=\"noreferrer noopener\">Phemedrone Stealer<\/a> that first appeared in April 2024 as an MaaS offering and includes many of the same core capabilities as Phemedrone, namely the ability to steal browser data, cryptocurrency wallet data, location data, messaging service sessions and certain files from the victim\u2019s computer.<\/p>\n<p>Styx Stealer also adds some additional evasion capabilities, an updated builder and graphical user interface (GUI), and a crypto-clipping function, which scans the victim\u2019s clipboard for cryptocurrency wallet addresses and replaces these addresses to direct transactions to the attacker\u2019s own wallet.<\/p>\n<p>It was through the Styx Stealer operator\u2019s plan to add Telegram-based data exfiltration to the malware\u2019s features that led to the lapse in operational security.<\/p>\n<h2>Hacker buddies\u2019 Telegram chats shed light on malware schemes<\/h2>\n<p>The Check Point researchers wrote that they were able to leverage the joemmBot token associated with Agent Tesla to gain access to communications between the Styx Stealer operator, known as &#8220;Sty1x,&#8221; and a user named &#8220;Mack_Sant.&#8221; These Telegram conversations revealed that Mack_Sant suggested Sty1x use the Telegram Bot API for data exfiltration, leading the former to send the joemmBot token and chatID to the latter.<\/p>\n<p>While debugging Styx Stealer, Sty1x uploaded an archive file from his computer to Telegram via joemmBot, leading to its discovery by Check Point. This archive included a trove of information including user data from two Telegram accounts operated by Sty1x, phone numbers used by Sty1x and screenshots showing the Visual Studio IDE interface during the debugging process of the Styx Stealer executable.<\/p>\n<p>Through login records from Sty1x\u2019s <a href=\"https:\/\/www.scmagazine.com\/brief\/exposure-of-telegram-users-ip-addresses-to-contacts-remains\" target=\"_blank\" rel=\"noreferrer noopener\">Telegram accounts<\/a>, styxencode and cobrasupports, that were included in the archive, Check Point determined styxencode operated from Turkey; this was also corroborated by the Turkish country code of one of Sty1x\u2019s phone numbers and the Turkish-language interface seen in the Visual Studio IDE screenshot.<\/p>\n<p>The researchers were also able to determine the approximate number of Styx Stealer customers, who are required to contact the styxencode Telegram account in order to obtain the malware license. The team counted 54 customers and also identified eight cryptocurrency wallets used by Sty1x to accept customer payments.<\/p>\n<p>The conversations between Sty1x and Mack_Sant also revealed information about Mack_Sant\u2019s cybercrime activities, including his use of the Origin malware and targeting of users based in China. Further investigation yielded the token and chat ID of a Telegram bot created through the cobrasupports account, called kralboting_bot, through which the researchers uncovered more Styx Stealer reports.<\/p>\n<p>These reports again revealed the location and IP address of Sty1x, but one report was uploaded by a different user called &#8220;Fucos.&#8221; By synthesizing information from this report and the Telegram conversations between the two hackers, the researchers realized that Fucos was, in fact, Mack_Sant, who had used Sty1x\u2019s kralboting_bot to test Styx Stealer on his own computer.<\/p>\n<p>The report uploaded by Fucos revealed Fucos\u2019\/Mack_Sant\u2019s IP address and location in Lagos, Nigeria. The username Fucos was also known to be used by the operator of the Agent Tesla campaign, bringing the investigation full circle.<\/p>\n<p>The researchers noted that Sty1x\u2019s downfall may have come from his use of an older version of Phemedrone to build Styx Stealer, as the latest version of Phemedrone encrypts all data sent to Telegram with a unique key for each campaign.<\/p>\n<p>READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/36246\/Hackers-Leak-Their-Own-Operations-Through-Exposed-Telegram-Bot-API-Tokens.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":56900,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[11020],"class_list":["post-56899","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermalwaredata-lossbotnetpassword"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2024-08-22T14:26:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_446367653_Editorial_Use_Only.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens\",\"datePublished\":\"2024-08-22T14:26:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/\"},\"wordCount\":766,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg\",\"keywords\":[\"headline,hacker,malware,data loss,botnet,password\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/\",\"name\":\"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg\",\"datePublished\":\"2024-08-22T14:26:58+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2024\\\/08\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg\",\"width\":800,\"height\":533},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,malware,data loss,botnet,password\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermalwaredata-lossbotnetpassword\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/","og_locale":"en_US","og_type":"article","og_title":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2024-08-22T14:26:58+00:00","og_image":[{"url":"https:\/\/files.scmagazine.com\/wp-content\/uploads\/2024\/08\/AdobeStock_446367653_Editorial_Use_Only.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens","datePublished":"2024-08-22T14:26:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/"},"wordCount":766,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg","keywords":["headline,hacker,malware,data loss,botnet,password"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/","url":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/","name":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg","datePublished":"2024-08-22T14:26:58+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2024\/08\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens.jpg","width":800,"height":533},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/hackers-leak-their-own-operations-through-exposed-telegram-bot-api-tokens\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,malware,data loss,botnet,password","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermalwaredata-lossbotnetpassword\/"},{"@type":"ListItem","position":3,"name":"Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=56899"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/56899\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/56900"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=56899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=56899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=56899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}