{"id":39734,"date":"2021-02-25T17:47:50","date_gmt":"2021-02-25T17:47:50","guid":{"rendered":"http:\/\/15561816-f87a-4c6b-9310-726485f99e88"},"modified":"2021-02-25T17:47:50","modified_gmt":"2021-02-25T17:47:50","slug":"chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/","title":{"rendered":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on"},"content":{"rendered":"<figure class=\"image image-original shortcode-image\"><span class=\"img aspect-set \"><img decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/hub\/i\/2021\/02\/25\/7af52bfa-01b7-4a5b-aed4-d01d27b33af5\/ta413-firefox-attack.jpg\" class alt=\"ta413-firefox-attack.jpg\"><\/span><figcaption><span class=\"caption\"><\/span><span class=\"credit\"> Image: Proofpoint <\/span><\/figcaption><\/figure>\n<p>Chinese state-sponsored hackers have gone after Tibetan organizations across the world using a malicious Firefox add-on that was configured to steal Gmail and Firefox browser data and then download malware on infected systems.<\/p>\n<div class=\"relatedContent alignRight\" readability=\"8.0321285140562\">\n<h3 class=\"heading\"> <span class=\"int\">Special feature<\/span> <\/h3>\n<div class=\"thumb\"> <a href=\"https:\/\/www.zdnet.com\/topic\/cyberwar-and-the-future-of-cybersecurity\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\" data-vanity-rewritten=\"true\"> <span class=\"img \"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.zdnet.com\/a\/hub\/i\/r\/2016\/09\/01\/fa215859-76c8-4ab7-8b55-56a42e0d8950\/resize\/220x165\/cf651a47272fd8abf79b87f4b45ba3c4\/09-2016-special-feature-cover-art.jpg\" class alt=\"Cyberwar and the Future of Cybersecurity\" height=\"165\" width=\"220\"><\/span> <\/a> <\/div>\n<p class=\"title\"> <a href=\"https:\/\/www.zdnet.com\/topic\/cyberwar-and-the-future-of-cybersecurity\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\" data-vanity-rewritten=\"true\"> Cyberwar and the Future of Cybersecurity <\/a> <\/p>\n<p class=\"dek\">Today&#8217;s security threats have expanded in scope and seriousness. There can now be millions &#8212; or even billions &#8212; of dollars at risk when information security isn&#8217;t handled properly.<\/p>\n<p class=\"read-more\"> <a href=\"https:\/\/www.zdnet.com\/topic\/cyberwar-and-the-future-of-cybersecurity\/\" data-omniture-track=\"moduleClick\" data-omniture-track-data=\"{&quot;moduleInfo&quot;: &quot;pinbox&quot;, &quot;pageType&quot;: &quot;article&quot;}\" data-vanity-rewritten=\"true\">Read More<\/a> <\/p>\n<\/p><\/div>\n<p>The attacks, discovered by cybersecurity firm Proofpoint this month, have been linked to a group the company tracks under the codename of&nbsp;<a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/actor\/ta413\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\"><strong>TA413<\/strong><\/a>.<\/p>\n<h3>Only Firefox users were targeted<\/h3>\n<p>Proofpoint said the attackers targeted Tibetan organizations with spear-phishing emails that lured members on websites where they&#8217;d be prompted to install a Flash update to view the site&#8217;s content.<\/p>\n<p>These websites contained code that separated users. Only Firefox users with an active Gmail session were prompted to install the malicious add-on.<\/p>\n<p>The Proofpoint team said that while the extension was named &#8220;Flash update components,&#8221; it was actually a version of the legitimate &#8220;Gmail notifier (restartless)&#8221; add-on, with additional malicious code. Per the research team, this code could abuse the following functions on infected browsers:<\/p>\n<p><strong>Gmail:<\/strong><\/p>\n<ul>\n<li>Search emails &nbsp;<\/li>\n<li>Archive emails &nbsp;<\/li>\n<li>Receive Gmail notifications &nbsp;<\/li>\n<li>Read emails &nbsp;<\/li>\n<li>Alter Firefox browser audio and visual alert features<\/li>\n<li>Label emails &nbsp;<\/li>\n<li>Marks emails as spam &nbsp;<\/li>\n<li>Delete messages &nbsp;<\/li>\n<li>Refresh inbox &nbsp;<\/li>\n<li>Forward emails &nbsp;<\/li>\n<li>Perform function searches &nbsp;<\/li>\n<li>Delete messages from Gmail trash &nbsp;<\/li>\n<li>Send mail from the compromised account &nbsp;<\/li>\n<\/ul>\n<p><strong>Firefox (based on granted browser permissions):<\/strong><\/p>\n<ul>\n<li>Access user data for all websites<\/li>\n<li>Display notifications<\/li>\n<li>Read and modify privacy settings<\/li>\n<li>Access browser tabs<\/li>\n<\/ul>\n<h3>Firefox add-on also installed malware<\/h3>\n<section class=\"sharethrough-top\" data-component=\"medusaContentRecommendation\" data-medusa-content-recommendation-options=\"{&quot;promo&quot;:&quot;promo_zd_recommendation_sharethrough_top_in_article_desktop&quot;,&quot;spot&quot;:&quot;dfp-in-article&quot;}\"> <\/section>\n<p>But the attack didn&#8217;t stop here. Proofpoint said the extension also downloaded and installed the&nbsp;<a href=\"https:\/\/malpedia.caad.fkie.fraunhofer.de\/details\/js.scanbox\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">ScanBox malware<\/a>&nbsp;on infected systems.<\/p>\n<p>A PHP and JavaScript-based reconnaissance framework, this malware is an old tool seen in previous attacks carried out by Chinese cyber-espionage groups.<\/p>\n<p>&#8220;Scanbox has been used in numerous campaigns since 2014 to target the Tibetan Diaspora along with other ethnic minorities often targeted by groups aligned with the Chinese state interests,&#8221;&nbsp;<a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">Proofpoint said in a report today<\/a>.<\/p>\n<p>The last recorded case of a ScanBox attack dates back to 2019 when Recorded Future reported&nbsp;<a href=\"https:\/\/www.recordedfuture.com\/scanbox-framework-campaign\/\" target=\"_blank\" rel=\"noopener noreferrer nofollow\" data-component=\"externalLink\">attacks against visitors of Pakistani and Tibetan websites<\/a>.<\/p>\n<p>As for its capabilities, Proofpoint says ScanBox is &#8220;capable of tracking visitors to specific websites, performing keylogging, and collecting user data that can be leveraged in future intrusion attempts,&#8221; making this a dangerous threat to have installed on your systems.<\/p>\n<h3>Flash EOL might have helped attackers<\/h3>\n<p>In this particular campaign, which Proofpoint codenamed&nbsp;<strong>FriarFox<\/strong>, attacks began in January 2021 and continued throughout February.<\/p>\n<p>Although hackers have been using fake Flash update themes for years and most users know to stay away from websites offering Flash updates out of the blue, these attacks are believed to have worked much better than previous ones.<\/p>\n<p>The reason is that Adobe retired Flash Player at the end of 2020, and all Flash content stopped playing inside browsers&nbsp;<a href=\"https:\/\/www.zdnet.com\/article\/adobe-to-block-flash-content-from-running-on-january-12-2021\/\" target=\"_blank\" rel=\"noopener noreferrer\">on January 12, 2021<\/a>, when Proofpoint also saw the first TA413 FriarFox campaigns targeting Tibetan organizations.<\/p>\n<p> READ MORE <a href=\"https:\/\/www.zdnet.com\/article\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#ftag=RSSbaffb68\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Chinese hacking group used the malicious add-on to collect Gmail and Firefox data from their victims.<br \/>\nREAD MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39735,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[62],"tags":[],"class_list":["post-39734","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-zdnet-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-02-25T17:47:50+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"462\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on\",\"datePublished\":\"2021-02-25T17:47:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/\"},\"wordCount\":537,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg\",\"articleSection\":[\"ZDNet | Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/\",\"name\":\"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg\",\"datePublished\":\"2021-02-25T17:47:50+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/02\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg\",\"width\":1000,\"height\":462},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/","og_locale":"en_US","og_type":"article","og_title":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-02-25T17:47:50+00:00","og_image":[{"width":1000,"height":462,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on","datePublished":"2021-02-25T17:47:50+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/"},"wordCount":537,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg","articleSection":["ZDNet | Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/","url":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/","name":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg","datePublished":"2021-02-25T17:47:50+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/02\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on.jpg","width":1000,"height":462},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/chinese-cyberspies-targeted-tibetans-with-a-malicious-firefox-add-on\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Chinese cyberspies targeted Tibetans with a malicious Firefox add-on"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39734","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39734"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39734\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39735"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39734"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39734"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39734"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}