China-based APTs deploy fake Dalai Lama apps to spy on Tibetan communities

July 24, 2025Ravi LakshmananCyber Spy/Malware

The Tibetan community was targeted by China-nexus cyber espionage groups as part of two campaigns conducted last month ahead of the Dalai Lama’s 90th birthday on July 6, 2025.

The multi-stage attacks have been codenamed Operation GhostChat and Operation PhantomPrayers by Zscaler ThreatLabz.

“The attackers breached a legal website, redirected users via malicious links, and eventually installed a Gh0st RAT or PhantomNet (aka SManager) backdoor on the victim system,” security researchers Sudeep Singh and Roy Tay said in a report Wednesday.

This is not the first time a Chinese threat actor has resorted to a watering hole attack (aka strategic web compromise), a technique in which adversaries break into websites frequently visited by a specific group in order to infect visitors with malware.


Over the past two years, hacking groups such as EvilBamboo, Evasive Panda, and TAG-112 have all relied on this approach to target the Tibetan diaspora, with the ultimate goal of gathering sensitive information.

[Figure: Operation GhostChat]

The latest set of attacks observed by Zscaler involves the compromise of a web page to replace the link pointing to “tibetfund[.]org/90thbirthday” with a fraudulent version (“thedalailama90.niccenter[.]net”).
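A site owner can catch this kind of link swap by comparing a page's outbound links against a known-good baseline. The following is an added example, not code from the Zscaler report or the original article; the HTML snippets, anchor text, URL scheme, and allowlist are constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class _Anchors(HTMLParser):
    """Collect (anchor text, href) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((" ".join("".join(self._text).split()), self._href))
            self._href = None

def refang(text):
    """Turn defanged hosts (example[.]org) back into parseable ones."""
    return text.replace("[.]", ".")

def extract_links(html):
    parser = _Anchors()
    parser.feed(refang(html))
    return parser.links

def host(url):
    return (urlsplit(url).hostname or "").lower()

def swapped_links(baseline_html, current_html, allowed_hosts):
    """Flag absolute links whose host is off the allowlist and differs from the baseline."""
    baseline = dict(extract_links(baseline_html))
    findings = []
    for text, href in extract_links(current_html):
        h = host(href)
        if not h or any(h == a or h.endswith("." + a) for a in allowed_hosts):
            continue  # relative link, or a host the site owner expects
        old = baseline.get(text)
        if old is None or host(old) != h:
            findings.append((text, old, href))
    return findings

# Constructed sample pages (not captured HTML); hosts are kept defanged as in the report.
BASELINE = '<a href="https://tibetfund[.]org/90thbirthday">Send a message</a> <a href="/about">About</a>'
CURRENT = '<a href="https://thedalailama90.niccenter[.]net/">Send a message</a> <a href="/about">About</a>'
ALLOWED = {"tibetfund.org"}  # assumed allowlist of expected link targets

if __name__ == "__main__":
    for text, old, new in swapped_links(BASELINE, CURRENT, ALLOWED):
        print(f"link '{text}' now points to {host(new)} (was {old})")
```

Run on a schedule against the live page, a non-empty result means a link was retargeted to an unexpected host since the baseline was taken.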

While the original web page is designed to send a message to the Dalai Lama, the replica page adds an option to send an encrypted message to the spiritual leader by downloading, from “tbelement.niccenter[.]net,” a secure chat application named TElement, which claims to be a Tibetan version of Element.

Hosted on the website is a backdoored version of the open-source encrypted chat software that contains malicious DLLs sideloaded to launch Gh0st RAT, a remote access trojan widely used by various Chinese hacking groups. The web page also contains JavaScript code designed to collect visitors’ IP addresses and user-agent information and send the details to the threat actors via HTTP POST requests.

[Figure: Operation PhantomPrayers]

Gh0st RAT is a fully featured malware that supports file manipulation, screen capture, clipboard content extraction, webcam video recording, keylogging, audio recording and playback, process manipulation, and remote shell.

The second campaign, Operation PhantomPrayers, has been found to use another domain, “hhthedalailama90.niccenter[.]net,” to distribute a phony “90th birthday global check-in” app (“dalailamacheckin.exe,” dubbed PhantomPrayers) that displays an interactive map when opened and encourages victims to “send a blessing.”


However, the malicious functionality uses DLL sideloading techniques to launch a backdoor that establishes contact with a command-and-control (C2) server over TCP to receive additional plug-ins for execution on the compromised machine.

“PhantomNet can be configured to work only within a certain time or a few days, but this feature is not enabled in the current sample,” the researchers said. “PhantomNet used modular plug-in DLLs, AES-encrypted C2 traffic, and configurable timing operations to stealthily manage compromised systems.”

