{
	"id": "52b41428-349a-44bb-af42-2e04e3379b50",
	"created_at": "2026-04-06T00:17:22.233295Z",
	"updated_at": "2026-04-10T03:24:50.35023Z",
	"deleted_at": null,
	"sha1_hash": "6e4d53352ccb1f57ced15bbbce1464d06ab4c33b",
	"title": "This app will self-destruct: How Belarusian hackers created an alternative Telegram for activists",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 104104,
	"plain_text": "This app will self-destruct: How Belarusian hackers created an\r\nalternative Telegram for activists\r\nBy Daryna Antoniuk\r\nPublished: 2023-02-02 · Archived: 2026-04-02 10:35:12 UTC\r\nWhen a 25-year-old activist from Minsk who goes by Pavlo was detained by Belarusian KGB security forces last\r\nsummer, he knew they would search his phone, looking for evidence of his involvement in anti-government\r\nprotests.\r\nThe police officer asked for Pavlo’s password to Telegram, the most popular messenger app among Belarusian\r\nactivists, which he gave him. The officer entered it and… found nothing. All secret chats and news channels had\r\ndisappeared, and after a few minutes of questioning Pavlo was released. \r\nPavlo’s secret? A secure version of Telegram, developed by a hacktivist group from Belarus called the Cyber\r\nPartisans. Partisan Telegram, or P-Telegram, automatically deletes pre-selected chats when someone enters the so-called SOS password.\r\nP-Telegram is used by activists in Belarus and Iran, as well as Ukrainians living in Russia-occupied territories,\r\naccording to Yuliana Shemetovets, Cyber Partisans' spokesperson.\r\nThe Belarusian app is indistinguishable from the original, as it is built on Telegram’s open-source code. However,\r\nit promises something that many social networks fail to provide – security for its users.\r\nAnd as the app's popularity continues to grow, Cyber Partisans — known primarily for cyberattacks against the\r\nBelarusian government and high-profile data leaks — are planning to improve it further. Until now, hacktivists\r\nspent money from their own pockets on the app, but they have taken steps to obtain grant funding from foreign\r\norganizations. \r\n“Foreigners don't want to sponsor our cyberattacks because it's a gray area, but digital security always sparks\r\ninterest,” Shemetovets told The Record.\r\nVoice of protest\r\nTelegram helped start a revolution in Belarus in the summer of 2020 when thousands of people flooded the streets\r\nto protest the results of the presidential election rigged by the country’s dictator Alexander Lukashenko.\r\nProtestors used the app to organize and coordinate mass rallies, post updates, photos, and videos, and keep morale\r\nup. At that time, Telegram was one of the few sources of information that was not censored or banned by the\r\nstate. \r\nTelegram news channel Nexta Live, for example, grew from several hundred thousand followers to more than 2\r\nmillion in the days following the election. Nexta covered the protests in Belarus amid nationwide internet\r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 1 of 6\n\nblackouts, publishing footage of police violence, real-time locations of pro-regime security forces, and protesters'\r\npleas for help.\r\nThe Belarusian authorities couldn't block the Telegram channel, so in October 2020 they declared Nexta an\r\nextremist organization to scare its subscribers, but to no avail.\r\nA Nexta Live Telegram post about the case of three Belarusian men accused of sabotaging a rail line\r\nfor Russian troops and supplies.\r\nTelegram was the perfect app for the Belarusian protesters. It allows huge chat groups of up to 200,000 people,\r\nincluding encrypted secret chats. The app has virtually no content moderation, allowing people to post footage that\r\nFacebook or Instagram would ban or flag as sensitive.\r\nTelegram combines the features of a messenger and a social network like Twitter. It has been adopted by protesters\r\nin Hong Kong and Iran, as well as by cybercriminals who use Telegram to advertise their services and publish data\r\nleaks.\r\nSince the app was founded in 2013 by Russian tech entrepreneur Pavel Durov and his brother, its growth has been\r\nremarkable, reaching 700 million monthly users in June this year.\r\nTelegram's popularity among activists has its drawbacks — the app has attracted the attention of law enforcement\r\nagencies in countries where free speech is suppressed, in particular Russia, China, Iran and Belarus.\r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 2 of 6\n\nLukashenko repeatedly expressed his irritation at the inability to block Telegram in Belarus. In an interview in\r\n2020, he lamented that even if he shuts down the internet in the country, Telegram channels will continue to work\r\nfrom Poland, where many Belarusian activists fled during the protests.\r\nLukashenko ordered the so-called siloviki — pro-regime security forces — to detain “suspicious” people on the\r\nstreets or in the subway and check their Telegram to identify those who support the protests.\r\nOne of the activists was detained while walking in a park, where the police were looking for people who had\r\npainted the trees in red and white, the colors of the Belarusian protests. The police officer checked the activist's\r\nphone but did not find any evidence there, because he used P-Telegram.\r\nMany Cyber Partisans have repeatedly been in situations where the police checked their phones, according to\r\nShemetovets. They created the app primarily to protect themselves during searches.\r\nSecure alternative\r\nBelarusian hacktivists launched P-Telegram in 2021. About 10,000 people have already downloaded it from\r\nGitHub, but the total number of users may be higher, as there are other ways to install the app, but they are harder\r\nto track, according to Shemetovets.\r\nThe app is developed by a group consisting of three people and several testers — they focus solely on the product\r\nand are not involved in cyberattacks.\r\nShemetovets declined to identify them. Anti-government activity in Belarus is considered treason and is\r\npunishable by the death penalty.\r\nThe main security feature of P-Telegram is the SOS password — a fake password, which, when entered, activates\r\na number of predefined actions. For example, after entering a fake password, P-Telegram can automatically log\r\nout of the account, delete selected chats and channels, and even send a notification about the arrest of the account\r\nowners to their friends or families.\r\nP-Telegram also allows other activists to remotely activate the SOS password on the detainee's phone. For this,\r\nthey need to send a code word to any of the shared Telegram chats.\r\nAnother feature on P-Telegram automatically takes photos of law enforcement officers on the front camera when\r\nthey enter a fake password. “We warn users that this can be dangerous, as this photo will be stored on the phone,\r\nrevealing that a person may use Partisan Telegram,” Shemetovets said. \r\nCyber Partisans are constantly updating their app, fixing bugs, and adding new features. They also regularly\r\nconduct independent audits to ensure that P-Telegram complies with all security measures.\r\nA recent audit by Open Technology Fund’s Red Team Lab proved that it is almost impossible for \"casual\r\nobservers without technical knowledge and specialized equipment\" to identify the existence of P-Telegram on a\r\ndevice.\r\nAll Cyber Partisans safety features “performed as expected, and no additional application vulnerabilities were\r\nfound,” the audit said.\r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 3 of 6\n\nThere are also a few shortcomings. The researchers indicated that P-Telegram occupies significantly more space\r\non a disk than the standard version of Telegram. It is \"unlikely\" that developers will be able to get rid of this\r\nvulnerability because \"P-Telegram will always be larger than the original,\" the audit said.\r\nThe researchers also observed that the key used to sign official release versions of P-Telegram could be found in\r\ntwo public GitHub repositories, meaning that threat actors could use them to create a malicious version of the app\r\nand convince users to install it. Shemetovets told The Record that Cyber Partisans have already addressed this\r\nissue.\r\nOther risks\r\nAlthough P-Telegram protects the data of activists illegally detained by law enforcement officers, the app cannot\r\nprotect it from Telegram itself.\r\nTelegram doesn't use end-to-end encryption by default, which would ensure that the information is only accessible\r\nto the people in the conversation, not to the messaging service.\r\nWhatsApp and Signal, for example, use end-to-end encryption in all their chats and calls, while Telegram only has\r\nthis option in so-called “secret chats.” This means that the app’s key organizing feature — large groups — are not\r\nsecured end-to-end, security experts told The Record.\r\nIn addition to encryption, Telegram has another problem — it came from Russia. Before founding the app, Pavlo\r\nDurov ran Russia’s social media giant VKontakte but was pushed out by pro-Kremlin interests and emigrated to\r\nDubai, where Telegram is now based.\r\nDurov often clashed with the Russian government. In 2017, a Moscow court fined Telegram $11 million after\r\nDurov allegedly refused to disclose user information following an FSB request. In 2018, Russia imposed a two-year ban on Telegram due to alleged user privacy issues, but the app has continued to thrive in the country.\r\nCyber Partisans advise their users to use secret chats so that Telegram cannot pass their information to Belarusian\r\nsecurity services in the future. \"So far we don't see Telegram being interested in that,\" Shemetovets said.\r\nTelegram has been blocked temporarily or permanently by governments in Iran, China, Vietnam, and Pakistan.\r\nState policy regarding Telegram in some of these countries had the opposite effect as what was intended —\r\ninterest in the app only increased.\r\nOver 45 million Iranians, half of the population, used Telegram in 2021 despite it being blocked by the\r\ngovernment to “safeguard the national interest.” \r\nIn September this year, Iranian activists warned that the country’s government was using Telegram to \"identify\r\nand harm\" protesters who took to the streets after a young Kurdish woman died in custody following her arrest by\r\nthe morality police for wearing an improper hijab.\r\nWith the outbreak of protests in Iran, Cyber Partisans translated their app into Persian after being approached by\r\nlocal activists. \r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 4 of 6\n\nDuring the war, P-Telegram has also become popular in Ukraine, or rather in the Ukrainian territory occupied by\r\nRussia. Russian authorities check the Telegram of local residents to see if they have sent any information about the\r\nlocation of Russian troops to the Ukrainian military, or if they read Ukrainian media, according to Shemetovets. P-Telegram can protect them during these searches, she added.\r\nCyber Partisans have no connection with the Russian opposition and hacktivist groups: \"We do not trust them and\r\ndo not see protest potential in Russia,\" Shemetovets said.\r\nNeither Belarusian nor Russian special services have yet tried to shut down P-Telegram. Shemetovets believes\r\nthey have other problems. \"They can't even secure their own systems,\" she told The Record.\r\nDaryna Antoniuk\r\nis a reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in\r\nEastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for\r\nForbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.\r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 5 of 6\n\nSource: https://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nhttps://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/\r\nPage 6 of 6",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://therecord.media/this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists/"
	],
	"report_names": [
		"this-app-will-self-destruct-how-belarusian-hackers-created-an-alternative-telegram-for-activists"
	],
	"threat_actors": [
		{
			"id": "4f472ea8-b147-486d-8533-88f8036343a6",
			"created_at": "2024-01-23T13:22:35.081084Z",
			"updated_at": "2026-04-10T02:00:03.520098Z",
			"deleted_at": null,
			"main_name": "Cyber Partisans",
			"aliases": [],
			"source_name": "MISPGALAXY:Cyber Partisans",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434642,
	"ts_updated_at": 1775791490,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6e4d53352ccb1f57ced15bbbce1464d06ab4c33b.pdf",
		"text": "https://archive.orkl.eu/6e4d53352ccb1f57ced15bbbce1464d06ab4c33b.txt",
		"img": "https://archive.orkl.eu/6e4d53352ccb1f57ced15bbbce1464d06ab4c33b.jpg"
	}
}