China is suspected of hacking the Vatican. Here’s why

But China and the Vatican are expected to begin sensitive negotiations in September to a renew a secret deal over control of the Catholic Church in China. Chinese leaders may have been looking for an advantage — inside knowledge on how the Holy See planned to approach the bargaining table, according to a report released Tuesday by Recorded Future, a threat intelligence firm. The names of the suspected groups, such as Mustang Panda and RedDelta, bring to mind the cloak-and-dagger world of the medieval Catholic Church, when the Pope dispatched powerful envoys to royal courts around the world. But the report is less Dan Brown than careful data analysis. It accuses China of using malicious software to slip into the Vatican’s internal networks. “Our research uncovered a suspected China state-sponsored campaign targeting multiple high-profile entities associated with the Catholic Church ahead of the likely renewal of the provisional China-Vatican deal in September 2020,” analysts at Recorded Future wrote in a report released Tuesday. Targeting the Vatican, the report continued, was part of China’s ongoing plan to seize control of the country’s underground Catholic church, whose leaders are not approved by the state-run China Patriotic Association. The status of those churches and questions about who has the power to name bishops are at the crux of the negotiations between China and the Vatican. China also is keeping a close eye on the church’s stance on pro-democracy protests in Hong Kong, according to the report. A spokesman for the Vatican declined to comment. The Chinese Foreign ministry did not immediately respond to a request for comment, but the New York Times, which first reported the story, said a Chinese official denied the report and called the accusations “groundless speculation.”China is cracking down on religious groups The revelations of China’s suspecting hacking come as the country has been accused of rampant human rights abuses against religious minorities, including Muslim Uighurs, Tibetan Buddhists and Christians. “State-sponsored repression against all religions continues to intensify,” Secretary of State Mike Pompeo said in June, when the State Department released its report on the state of religious freedom in countries across the world. “The mass detentions of Uighurs in Xinjiang continues. So does the repression of Tibetans and Buddhists and Falun Gong and Christians,” Pompeo said. How sleuths noticed the suspected hackers A research group within Recorded Future keeps a close eye on “threat actors” online, including state-sponsored hackers in China, said an analyst with the company. The analyst asked not to be named because of the sensitivity of the accusations. “This kind of behavior by China is common and has been over the last couple of years,” the analyst said. The hackers’ methods weren’t particularly sophisticated — one included a common spear phishing tactic — but they are effective, according to the analyst. One “lure” was a condolence letter from Cardinal Pietro Parolin, the Vatican’s Secretary of State, to a leader in the Hong Kong church, a key participant in the upcoming negotiations. Upon opening, the letter infects the opener’s computer. “It is currently unclear whether the actors created the document themselves, or whether it is a legitimate document they were able to obtain and weaponize,” the report said. Another suspected hack bore the malware marks of RedDelta, a a Chinese-state sponsored “threat activity group,” according to the report. The Recorded Future analyst said the Vatican was told about the hacking, which began in May, according to the report.