Vatican Infiltrated by Chinese Hackers Ahead of Sensitive Talks

The Vatican’s computer networks have allegedly been infiltrated by Chinese hackers in the run up to sensitive talks between the Catholic Church and Beijing focusing on the religion’s status in China.

This is according to cybersecurity firm Recorded Future, which detected a series of incursions into the Vatican and the Holy See’s Study Mission to China’s systems from the beginning of May. The latter organization is a Hong Kong-based group of de facto Vatican representatives.

It is a suspected case of cyber-espionage, with the Chinese state frequently accused of targeting religious groups, such as Buddhist Tibetans and Muslim Uighurs, through cyber-attacks in recent years. Recorded Future’s report noted that Chinese state-sponsored groups often target religious minorities in the region.

Talks are expected to take place in September between the Vatican and the Chinese government regarding the renewal of a provisional agreement signed in 2018 that revised the terms of the Catholic Church’s operations in China.

The report said multiple PlugX C2 servers that communicated with Vatican hosts were identified from mid-May until at least July 21 2020. In one attack, a customized PlugX payload was hidden in a letter purporting to be from the Vatican to Msgr. Javier Corona Herrera, the chaplain who heads the study mission in Hong Kong.

Recorded Future stated: “From early May 2020, The Vatican and the Catholic Diocese of Hong Kong were among several Catholic Church-related organizations that were targeted by RedDelta, a Chinese-state sponsored threat activity group tracked by Insikt Group.”

It added: “The suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal. The targeting of the Hong Kong Study Mission and its Catholic Diocese could also provide a valuable intelligence source for both monitoring the diocese’s relations with the Vatican and its position on Hong Kong’s pro-democracy movement amidst widespread protests and the recent sweeping Hong Kong national security law.”

Speaking to Infosecurity, Sam Curry, chief Security officer at Cybereason, commented: “There are three certainties in life, death, taxes and Beijing’s repeated denials of having any involvement in cyber-espionage. The communist government can then claim plausible deniability and blame some third party that they likely hired to do their dirty work.”

He added: “As for the Vatican or any public or private entity, there is another certainty and that is repeated attempts to steal your proprietary information by a nation-state or rogue hacking group. Reducing risk should be paramount to any organization and one of the ways security analysts can see more deeply into a network is through threat hunting and around the clock monitoring of all inbound and outbound network traffic.”

What’s Hot on Infosecurity Magazine?