While Telegram bots being used to exfiltrate information is not new, it has not been commonly used by threat actors in the past for credential phishing, and researchers noted that the significant increase is primarily associated with the current popular tactic of using HTML attachments as delivery mechanisms and the ease of Telegram's setup.