One of the largest international cybersecurity firms claims that the Chinese have hacked since May the Vatican agencies involved in the renewal of the agreement.
by Massimo Introvigne
The renewal of the Vatican-China deal of 2018 is due in September 2020. The agreement is a matter of controversy within the Roman Catholic Church and beyond, although high-placed Vatican officers have indicated that it will be renewed.
That the relationship between the Vatican and the CCP is not one of trust seems to be confirmed by a report published on July 28, 2020 by Recorded Future, one of the largest international cybersecurity firms.
The report claims that, since early May 2020, the CCP has launched a successful cyberattack against the mail servers and computers of several Vatican departments, the Pontifical Institute of Foreign Missions (PIME), the Catholic Diocese of Hong Kong, and the Vatican-related Hong Kong Study Mission to China, whose predecessor played a key role in the 2018 deal. According to Recorded Future, the CCP thus accessed confidential email and documents.
While the attack exhibits similarities to those perpetrated in the past by CCP hackers belonging to a group known as Mustang Panda, or The Bronze President, the report claims that a technical analysis indicated another CCP group of hackers, RedDelta, as the perpetrator of the attack on the Vatican.
The attack started with a mail including as an enclosure a letter signed by Venezuelan Archbishop Edgar Robinson Peña Parra, the Substitute for General Affairs of the Secretariat of State, sent to Monsignor Javier Corona Herrera at the Hong Kong Study Mission to China and including a message from the Vatican Secretary of State, Cardinal Pietro Parolin, conveying the condolences of Pope Francis for the death of the elderly Bishop Joseph Ma Zongmu (1919–2020).
It is unclear whether this was a genuine or a fabricated letter but what is clear, according to the report, is that, by opening the enclosure, the Study Mission in Hong Kong gave to the CCP hackers access to its computers. The other Catholic targets were attacked with the same malware, that Recorded Future claims to have also found in computers of the National Police Academy and the Airport Authority in India, and the Ministry of Internal Affairs in Indonesia, and identified as coming from RedDelta.
In the case of PIME and other Catholic entities, the enclosures including the malware were a spoof of an UCA News article on Hong Kong and a text in Italian taken from the writings of Catholic scholar (living in Iran) Franco Ometto, “Qom: The Vatican of Islam.” Again, once they had opened the enclosures, the recipients had given to the CCP hackers access to their systems.
The relationship between the Vatican and the CCP looks increasingly as a spy story. Bitter Winter’s proposal to make the content of the 2018 deal public seems to maintain its interest in view of these recent developments.