A China-nexus cyber espionage group targeted the Tibetan community with two sophisticated campaigns, Operation GhostChat and Operation PhantomPrayers, just ahead of the Dalai Lama's 90th birthday. These campaigns involved web compromises, malware such as Gh0st RAT and PhantomNet, and leveraged watering hole attacks to gather sensitive information. #Gh0stRAT #PhantomNet #TibetanCommunity
Key points
- The Tibetan community was targeted through two cyber espionage campaigns by Chinese threat actors.
- Operation GhostChat involved web page compromise and malicious chat software containing Gh0st RAT.
- Operation PhantomPrayers used a fake app to deploy the PhantomNet backdoor for stealthy system control.
- Watering hole techniques were employed to infect frequently visited websites of the Tibetan diaspora.
- The malware supported extensive remote access features including keylogging, file manipulation, and webcam recording.
Read More: https://thehackernews.com/2025/07/china-based-apts-deploy-fake-dalai-lama.html