The cybersecurity firm, Recorded Future, attributed the Chinese attack to a state-sponsored group named RedDelta. It said the group’s attack continued until “at least” July 21.
“The suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal,” said Recorded Future, which released a report Tuesday on its findings.
The cyberattack — which began in May, according to the report — marks the latest apparent attempt by Chinese hackers to monitor the activities of religious groups. China, for instance, has waged hacking campaigns against the Uighur minority within its own borders. But in this case, according to the firm, China’s target was the seat of the Roman Catholic Church.
The hackers also targeted the church’s diocese and a study mission in Hong Kong, purportedly as a way to monitor the Vatican’s views on protests in Hong Kong and on a new Chinese security law that has granted Beijing sweeping powers over the city.
The firm’s findings were first reported by the New York Times.
A Vatican spokesman did not respond to a request for comment. The church’s systems have appeared vulnerable at least once in the past; the Vatican’s website was disabled in 2012 for several hours by the hacking group Anonymous. The group said at the time that the attack was a response to crimes committed by clerics in the church’s sexual abuse scandal.
The Chinese Embassy in Rome declined to comment.
The apparent infiltration by RedDelta showed many of the technical hallmarks of previous Chinese-backed efforts, the report said. One way hackers made inroads was by using a “lure document” — a digitized letter, on Vatican letterhead, with a message from high-ranking Cardinal Pietro Parolin. The letter was addressed to Monsignor Javier Corona Herrera, an official in the Holy See’s Hong Kong mission. The report said it was unclear whether the document was fabricated or legitimate; either way, hackers weaponized it with malware.
“Given that the letter was directly addressed to this individual, it is likely that he was the target of a spearphishing attempt,” the report said, referring to an attack on a specific target aimed at stealing sensitive information.
One former high-ranking Italian intelligence official, speaking on the condition of anonymity to discuss a sensitive matter, said China’s reported hacking efforts seemed plausible.
“They use phishing expeditions to hack everything that can be hacked,” the former intelligence official said. “It is a way to exert influence and exercise power.”
Relations between China and the Holy See hinge on what happens in the coming months, as their historic — but provisional — two-year diplomatic deal comes up for renewal. When it was signed in 2018, Pope Francis said the agreement would help “heal the wounds of the past.”
The deal, negotiated in fits and starts over three decades, essentially tried to apply rules about how Catholic bishops in China would be selected. Previously, bishops were appointed by the Chinese state without papal approval, while others, operating underground, swore allegiance to the pope. This led to a de facto split in Catholicism in China.
As part of the 2018 deal, the Vatican agreed to lift the excommunication orders for seven bishops appointed by China without papal approval. In turn, Francis was allowed to have final say on bishop appointments.
China and the Vatican severed diplomatic ties in 1951. Catholicism is one of the five official religions tolerated in China, but its followers are a stark minority — an estimated 10 to 12 million people in the country of nearly 1.4 billion.
The 2018 deal has come under heavy criticism, particularly from Catholics in Hong Kong, who accuse the church of compromising its values and overlooking rights abuses by the Chinese government. In a Washington Post op-ed published in December, Cardinal Joseph Zen, bishop emeritus of Hong Kong, said the Vatican was following a line with China of “appeasement at any cost.”
This month, Vatican-watchers noted that Francis, speaking at St. Peter’s Square, skipped over a passage in which he had been set to address Hong Kong. The Vatican has not offered an explanation of why Francis, who generally sticks to his prepared remarks, this time veered away.