PULSE NAME
The Detection & Response Chronicles: Exploring Telegram Abuse
TLP: WHITE | Adversary: Lunar_spider | Author: PetrP.73 | Created: 2025-12-17 | Modified: 2025-12-17
IOCs: 40 (medium volume)
Adversaries increasingly abuse messaging applications such as Telegram because the platform offers anonymity, resilience and easy communication. Since October 2025, NVISO's Security Operations Center (SOC) has identified four distinct intrusion attempts in which Telegram played a notable role, which underlines how often it now appears in attack tooling. Telegram is a cloud-based messaging platform with encrypted transport and a robust Bot API. Threat actors co-opt that API either by hard-coding a bot token into their malware or by using specific channels for command-and-control (C2): the bot sends collected data to an operator-controlled chat and polls for commands, all over HTTPS to Telegram's own infrastructure. For the attacker this means reliable, anonymous communication with compromised systems that blends in with legitimate traffic; for the defender it means the hard-coded token is one of the most useful artefacts, since it can be extracted from the sample, used to identify the bot and pivoted on across other samples that embed the same value.
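As a detection illustration, the following Python script (added here; not code from NVISO, OTX or the pulse author) shows how an analyst can hunt for Telegram Bot API abuse in two places: hard-coded bot tokens in the strings of a sample, and Bot API calls in a TLS-inspecting proxy log. The token regex is a commonly used heuristic for the observed "numeric bot id, colon, 35-character secret" shape, not a format published by Telegram, and the log format (timestamp, client IP, HTTP method, URL) as well as all sample data are constructed for the example.

```python
import re
from dataclasses import dataclass

# Heuristic shape of a Telegram bot token: numeric bot id, a colon and a
# 35-character secret. ASSUMPTION: this matches tokens seen in the wild; it is
# not a format specification published by Telegram, so treat hits as leads.
TOKEN_RE = re.compile(r"(?<!\d)(\d{8,10}):([A-Za-z0-9_-]{35})(?![A-Za-z0-9_-])")

# A Bot API call carries the token in the URL path: /bot<token>/<method>
API_CALL_RE = re.compile(
    r"https?://api\.telegram\.org/bot(?P<token>\d{8,10}:[A-Za-z0-9_-]{35})/(?P<method>[A-Za-z]+)"
)

# How a Bot API method is typically used when the bot is a C2 channel.
METHOD_MEANING = {
    "getMe": "token validation",
    "sendMessage": "beacon or exfiltration of text",
    "sendDocument": "file exfiltration",
    "sendPhoto": "screenshot exfiltration",
    "getUpdates": "tasking (poll for operator commands)",
}
SEND_METHODS = {"sendMessage", "sendDocument", "sendPhoto"}

# Constructed `strings` output from a hypothetical sample (not a real binary).
SAMPLE_STRINGS = """kernel32.dll
https://api.telegram.org/bot1234567890:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/sendDocument
chat_id=-1001234567890
"""

# Constructed proxy log lines (assumed format: timestamp, client IP, method, URL).
SAMPLE_PROXY_LOG = [
    "2025-12-17T10:02:11Z 10.0.0.5 GET https://api.telegram.org/bot1234567890:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/getMe",
    "2025-12-17T10:02:12Z 10.0.0.5 POST https://api.telegram.org/bot1234567890:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/sendDocument",
    "2025-12-17T10:03:40Z 10.0.0.5 GET https://api.telegram.org/bot1234567890:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/getUpdates",
    "2025-12-17T10:05:00Z 10.0.0.9 GET https://www.example.com/index.html",
    "2025-12-17T10:06:30Z 10.0.0.9 POST https://api.telegram.org/bot7000000001:AAGq1w2e3r4t5y6u7i8o9p0a_s-d1f2g3h4/sendMessage",
]


def extract_bot_tokens(text: str) -> list[str]:
    """Return every distinct token-shaped string found in text, sorted."""
    return sorted({f"{bot_id}:{secret}" for bot_id, secret in TOKEN_RE.findall(text)})


def redact_token(token: str) -> str:
    """Keep the bot id (useful for pivoting) and mask most of the secret for reports."""
    bot_id, secret = token.split(":", 1)
    return f"{bot_id}:{secret[:4]}{'*' * (len(secret) - 4)}"


@dataclass(frozen=True)
class TelegramEvent:
    timestamp: str
    src: str
    bot_id: str
    method: str
    assessment: str


def scan_proxy_log(lines: list[str]) -> list[TelegramEvent]:
    """Pull out every Bot API call and annotate it with the likely C2 purpose."""
    events = []
    for line in lines:
        m = API_CALL_RE.search(line)
        if not m:
            continue
        timestamp, src = line.split()[:2]
        bot_id = m.group("token").split(":", 1)[0]
        method = m.group("method")
        events.append(TelegramEvent(timestamp, src, bot_id, method,
                                    METHOD_MEANING.get(method, "other Bot API method")))
    return events


def methods_by_host(events: list[TelegramEvent]) -> dict[str, set[str]]:
    """Group observed Bot API methods per client so patterns per host stand out."""
    by_host: dict[str, set[str]] = {}
    for e in events:
        by_host.setdefault(e.src, set()).add(e.method)
    return by_host


def hosts_with_bidirectional_c2(events: list[TelegramEvent]) -> list[str]:
    """Hosts that both poll for commands (getUpdates) and send data: strongest signal of a C2 bot."""
    return sorted(h for h, methods in methods_by_host(events).items()
                  if "getUpdates" in methods and methods & SEND_METHODS)


if __name__ == "__main__":
    for token in extract_bot_tokens(SAMPLE_STRINGS):
        print("token in sample:", redact_token(token))
    for ev in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(ev.timestamp, ev.src, "bot", ev.bot_id, ev.method, "->", ev.assessment)
    print("bidirectional C2 hosts:", hosts_with_bidirectional_c2(SAMPLE_PROXY_LOG and scan_proxy_log(SAMPLE_PROXY_LOG)))
```

Because the token sits in the URL path, a proxy that only logs CONNECT requests to api.telegram.org cannot see the method or the token; in that case the pivot is the host itself (does this machine have any business reason to talk to Telegram?) plus tokens recovered from the sample.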
Indicators of Compromise (4 / 40 total)
TYPE          INDICATOR                         DESCRIPTION                                                                         CREATED
FileHash-MD5  564b8bb06e8d4be6a6a896a0477aa6af  MD5 of sample with SHA-256 ddd2dc2ad3441a762830b2cea99abe5fe1d77fa6abe679a2e8a194505ea7d739  2025-12-17
FileHash-MD5  a424fa182a4b2e99e075716214157f2e  MD5 of sample with SHA-256 5b6e8c0b4ad7b0dde555cadbd9e018c34a7b037f27fa47399c7c107a525cfe4d  2025-12-17
FileHash-MD5  caf1f2f767606ab0be0c7857137a5330  MD5 of sample with SHA-256 f27b20cf5f487636d3c622498ce65ca0057dfd590ffc0c72eac5531a20fb73ce  2025-12-17
FileHash-MD5  ea1b79e4ad6a58619a3e355b5ef4f7d8  MD5 of sample with SHA-256 a7835afd2be9d2b8c770633a8b7fcf635d6a6fb232327bb15dad103bfdf7c058  2025-12-17