China-Linked Hackers Target Tibetans with Fake Dalai Lama Apps

Chinese cyber espionage groups launched two campaigns targeting Tibetans ahead of the Dalai Lama's 90th birthday on July 6, 2025, according to Zscaler ThreatLabz researchers. The attacks, named Operation GhostChat and Operation PhantomPrayers, used compromised websites to distribute fake apps. One campaign offered a fraudulent "TElement" chat app claiming to send encrypted messages to the Dalai Lama, while installing Gh0st RAT malware for surveillance. The second distributed a fake "90th Birthday Global Check-in" app that deployed PhantomNet backdoor software. Both malware programs enable extensive spying capabilities including screen capture, keylogging, and remote system control. Chinese hacking groups have previously targeted Tibetan diaspora communities using similar watering hole attack techniques.