A hacker group allegedly linked to the Chinese Communist Party recently attacked the Vatican and other Catholic organizations, a new report says.
U.S. cybersecurity firm Insikt Group on July 28 published a report (pdf) on how RedDelta, a “Chinese-state sponsored threat activity group” targeted the Vatican, the Catholic Diocese of Hong Kong, and other Catholic Church-related organizations from early May this year.
The report showed an example of the attacks. A document “purported to be an official Vatican letter addressed to the current head of the Hong Kong Study Mission to China” was used to deliver PlugX, a malware program, giving the hackers full control over their targets’ computer systems, Insikt said.
Other malware, such as Poison Ivy and Cobalt Strike, also were deployed to infiltrate their targets’ systems.
The series of attacks used similar infrastructure, tooling, and victimology to those of Mustang Panda, another threat activity group based in China, but also has its own distinctive features.
“Due to RedDelta’s targeting of organizations that heavily align to Chinese strategic interests, use of shared tooling traditionally used by China-based groups, and overlaps with a suspected Chinese state-sponsored threat activity group, Insikt Group believes that the group likely operates on behalf of the People’s Republic of China (PRC) government,” the report stated.
CCP Denies Allegation
China’s Foreign Ministry spokesman Wang Wenbin, speaking at a daily news conference in Beijing on Wednesday, said that China is a “staunch defender” of cybersecurity.
Ample evidence rather than conjecture is needed when investigating cyber events, Wang said.
Beijing routinely denies it engages in any state-backed hacking attempts, and says it is a victim of such threats.
A Vatican spokesperson had no immediate comment. The Hong Kong Study Mission did not respond to a Reuters request for comment.
The CCP-Vatican Deal
These attacks came ahead of the renewal of the “Provisional Agreement between Holy See and China” that is due in September.
The reported hacking follows an extremely rare meeting between Beijing and the Vatican’s foreign minister earlier this year in Germany, marking the highest-level official encounter between the two sides in decades.
Insikt Group believes that “the suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal. The targeting of the Hong Kong Study Mission and its Catholic Diocese could also provide a valuable intelligence source for both monitoring the diocese’s relations with the Vatican and its position on Hong Kong’s pro-democracy movement amidst widespread protests and the recent sweeping Hong Kong national security law.”
Targets of the attacks also included the Pontifical Institute for Foreign Missions (PIME) in Italy, and the head of the Hong Kong Study Mission to China, “whose predecessor was considered to have played a vital role in the 2018 agreement.”
“The targeting of entities related to the Catholic church is likely indicative of CCP objectives in consolidating control over the ‘underground’ Catholic church, ‘sinicizing religions’ in China, and diminishing the perceived influence of the Vatican within China’s Catholic community,” the report stated.
In the 2018 deal, Pope Francis endorsed the legitimacy of Beijing-appointed bishops. After breaking of relations with the Vatican in 1951, the CCP has since insisted on nominating its own bishops, despite Vatican tradition that mandates bishops can only be approved with the consent of the Pope.
This did not improve the situation for Catholics in China, Benedict Rogers, East Asia team leader in the human rights organization Christian Solidarity Worldwide (CSW), said in a recent webinar.
“When it comes to religion, or religion and belief, I think we may be seeing the worst situation, the worst crackdowns, actually since the Cultural Revolution,” Rogers said.
Jack Phillips, Mary Clark, and Reuters contributed to this report.