In September 2020, it was documented that Iran's RampantKitten espionage team ran a phishing and surveillance marketing campaign versus dissidents on Telegram.[362] The attack relied on folks downloading a malware-infected file from any supply, at which issue it would change Telegram information to the machine and 'clone' session data. https://www.telegramkko.com/
