Telegram Stories: Voice spoofers, tools and methods
Main conclusion
- Spoofers are primarily infrastructure providers. They develop the tool and then prepare paid "slots" for other users.
- They enjoy a dominant position mainly due to the difference in technical knowledge between fraudsters, who do not all know how to develop the infrastructure necessary to change a phone number during calls.
- Spoofers rely on tools already existing on the legal or open source market, which they repurpose by creating a parallel market.
- The technical "loophole" allowing one to change their number comes from the SIP protocol, which allows for the management of call details at a certain level, and from the interconnection between "new" and "old" networks, which complicates the control imposed by operators.
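The last point can be seen from the receiving side: the number shown to the callee comes from the SIP From header, which the calling side fills in. The following Python check is an added example, not part of the Intrinsec report; it assumes the receiving network also sees the standard P-Asserted-Identity (RFC 3325) and Identity/PASSporT (RFC 8224) headers, which the report does not name, and it does not verify the PASSporT signature. Function names, numbers and domains are constructed for illustration.

```python
import base64, json, re

def parse_headers(msg):
    """Lower-cased header name -> value (no folding or compact forms handled)."""
    headers = {}
    for line in msg.split("\r\n\r\n")[0].split("\r\n")[1:]:  # skip request line
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), value.strip())
    return headers

def tel_number(value):
    """Digits of the user part of the first sip:/tel: URI, or None."""
    m = re.search(r"(?:sip|tel):\+?(\d+)", value or "")
    return m.group(1) if m else None

def signed_orig_tn(identity):
    """orig.tn from the PASSporT payload, read WITHOUT verifying the signature."""
    try:
        payload = identity.split(";")[0].split(".")[1]
        raw = base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4))
        return str(json.loads(raw)["orig"]["tn"])
    except (IndexError, KeyError, TypeError, ValueError):
        return None

def caller_id_findings(msg):
    """Reasons the displayed caller number should not be trusted as-is."""
    h = parse_headers(msg)
    shown, findings = tel_number(h.get("from")), []
    asserted = tel_number(h.get("p-asserted-identity"))
    if asserted and asserted != shown:
        findings.append("from-differs-from-asserted-identity")
    signed = signed_orig_tn(h.get("identity", ""))
    if signed is None:
        findings.append("identity-missing-or-unreadable")
    elif signed != shown:
        findings.append("from-differs-from-signed-orig")
    return findings

def sample_invite(from_tn, pai_tn=None, signed_tn=None):
    """Constructed INVITE; numbers and .invalid domains are placeholders."""
    lines = ["INVITE sip:+33100000002@callee.invalid SIP/2.0",
             f'From: "Advisor" <sip:+{from_tn}@carrier.invalid>;tag=1']
    if pai_tn:
        lines.append(f"P-Asserted-Identity: <sip:+{pai_tn}@carrier.invalid>")
    if signed_tn:
        tok = base64.urlsafe_b64encode(json.dumps({"orig": {"tn": signed_tn}}).encode())
        lines.append(f"Identity: e30.{tok.decode().rstrip('=')}.sig;ppt=shaken")
    return "\r\n".join(lines) + "\r\n\r\n"
```

An empty result only means the headers agree with each other; trusting the number still requires validating the PASSporT signature against the signer's certificate.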
Introduction
Our CTI analyst Adrien observed that several individuals, using Telegram accounts as cover, claim to use, develop and rent services that allow them to spoof phone numbers, which they call "Spoofers". It is thanks to these individuals that the "alloters", those posing as bank advisors, can call from a perfectly legitimate number. Mentioned in various articles on the subject, these callers have already been analyzed several times. For example, the YouTuber Micode published a video on May 30, 2023 illustrating his immersion in this environment, where we observe the codes and behaviors of these individuals. The Dark Web environment and this type of attack evoke a nebulous entity: vague, constantly changing, with multiple actors using various pseudonyms and dedicated jargon. It is difficult to establish a general and fixed portrait, given the wide variety of techniques and actors involved.
Intrinsec's CTI Services
Organizations are facing increasingly sophisticated threat actors and intrusion attempts. To counter these constantly evolving threats, a proactive approach to detecting and analyzing any potentially malicious activity is now essential. This practical approach allows companies to anticipate, or at least react as quickly as possible to, the breaches they encounter.
For this report, Intrinsec relied on its Cyber Threat Intelligence service, which provides clients with high-value, contextualized, and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data and information gathered from our security monitoring services (SOC, MDR, etc.), our incident response team (CERT-Intrinsec), and customized cyber intelligence generated by our analysts using bespoke heuristics, honeypots, hunting, reverse engineering, and pivots.
Intrinsec also offers various services related to Cyber Threat Intelligence:
- Risk anticipation, which can be leveraged to continuously adapt the detection and response capabilities of our clients' existing tools (EDR, XDR, SIEM, etc.) through:
  - An operational flow of IOCs based on our exclusive activities.
  - Threat intelligence notes and reports compliant with TIP standards.
- Digital risk monitoring:
  - Data leak detection and remediation.
  - External asset security monitoring (EASM).
  - Brand protection.
