China is suspected of hacking the Vatican. This is why


But China and the Vatican are expected to begin delicate negotiations in September to renew a secret agreement on the control of the Catholic Church in China. Chinese leaders may have been looking for an advantage: insight into how the Holy See planned to get closer to the negotiating table, according to a report released Tuesday by Recorded Future, a threat intelligence firm.

The names of the suspicious groups, such as Mustang Panda and RedDelta, recall the world of the cape and dagger of the medieval Catholic Church, when the Pope sent powerful envoys to royal courts around the world. But the report is less Dan Brown than careful data analysis. He accuses China of using malicious software to break into the Vatican’s internal networks.
“Our investigation uncovered an alleged state-sponsored campaign in China targeting multiple high-profile entities associated with the Catholic Church before the likely renewal of the interim agreement between China and the Vatican in September 2020,” Recorded Future analysts wrote in a report released Tuesday.

Targeting the Vatican, the report continued, was part of China’s ongoing plan to take control of the country’s underground Catholic church, whose leaders are not approved by the Chinese Patriotic Association.

The state of those churches and questions about who has the power to appoint bishops are at the heart of the negotiations between China and the Vatican. China also closely monitors the church’s stance on pro-democracy protests in Hong Kong, according to the report.

A Vatican spokesman declined to comment. The Chinese Foreign Ministry did not immediately respond to a request for comment, but the New York Times, which first reported the story, said a Chinese official denied the report and called the allegations “unfounded speculation.”

China is cracking down on religious groups

Revelations of China’s suspected piracy occur when the country has been accused of rampant human rights abuses against religious minorities, including Muslim Uighurs, Tibetan Buddhists, and Christians.

“State-sponsored repression against all religions continues to intensify,” Secretary of State Mike Pompeo said in June, when the State Department released its report on the state of religious freedom in countries around the world.

“The mass arrests of Uighurs in Xinjiang continue. So does the repression of Tibetans and Buddhists and of Falun Gong and Christians,” Pompeo said.

How detectives noticed suspected hackers

An investigative group within Recorded Future closely monitors online “threat actors”, including state-sponsored hackers in China, a company analyst said. The analyst asked not to be identified because of the sensitivity of the allegations.

“This type of behavior by China is common and has been in recent years,” said the analyst.

Vatican Fast Facts
The hackers’ methods were not particularly sophisticated, one included a common spear phishing tactic, but they are effective, according to the analyst. A “lure” was a letter of condolence from Cardinal Pietro Parolin, Vatican secretary of state, addressed to a Hong Kong church leader, a key participant in the upcoming negotiations. When opened, the letter infects the opener’s computer.

“It is currently unclear whether the actors created the document themselves, or whether it is a legitimate document that they were able to obtain and use as a weapon,” the report said.

Another suspected hacker had the RedDelta malware brands, a “threat activity group” sponsored by the Chinese state, according to the report.

The Registered Future analyst said the Vatican was informed about the piracy, which started in May, according to the report.

.