Illusory Wishes: China-nexus APT Targets the Tibetan Community

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Two cyberattack campaigns, Operation GhostChat and Operation PhantomPrayers, targeted the Tibetan community in June 2025, coinciding with the Dalai Lama's 90th birthday. These attacks involved strategic web compromises, DLL sideloading, and multi-stage infection chains to deploy Ghost RAT and PhantomNet backdoors. The attackers used social engineering tactics, impersonating legitimate platforms and leveraging culturally significant events to lure victims. Both campaigns employed sophisticated evasion techniques, including code injection and API hook bypassing. The attacks are attributed to China-nexus APT groups based on victimology, the malware used, and the tactics employed. The campaigns highlight the ongoing cyber threats faced by the Tibetan community and the evolving tactics of state-sponsored threat actors.

OPENCTI LABELS:

social engineering, dll sideloading, phantomnet, multi-stage attack, ghost rat, web compromise, tibetan community


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown in the login page banner.


Illusory Wishes: China-nexus APT Targets the Tibetan Community