Chinese Hackers “RedDelta” Are Targeting the Vatican and Its Organizations

  • Chinese hackers are sending phishing emails to high-ranking Vatican officials to plant RATs.
  • The goal is to gather key intelligence for the upcoming renewal of the China-Vatican provisional agreement.
  • The Catholic Church in China is under persecution and is slowly but steadily being pushed out of existence.

A state-sponsored group of Chinese hackers named “RedDelta” is going after the Vatican and Catholic organizations in Hong Kong and mainland China, in a weird case of cyber-espionage. These activities have been recorded by the Insikt Group, which has compiled a detailed report on the RedDelta campaign.

Reportedly, the Vatican has been a target for the Chinese hackers since early May 2020, suffering network intrusions that went mostly undetected. The researchers believe that the hackers’ motive is to gain insight into the Catholic community in Hong Kong and the negotiating position of the Vatican concerning the renewal of the 2018 China-Vatican provisional agreement.

[Image. Source: Recorded Future]

“RedDelta” features some overlapping elements with “Mustang Panda,” another state-supported group of hackers who engage in cyber-espionage operations. Still, the former maintains its own distinct set of DLL side-loaders and encrypted communication systems, so it deserves an individual attribution.

Insikt has identified the deployment of tools like “Poison Ivy” and “Cobalt Strike,” and they have recorded a large number of PlugX C2 servers communicating with Vatican hosts between May 2020 and July 2020. The lure used for the delivery of the PlugX payload is a letter arriving via a phishing email.

[Image. Source: Recorded Future]

Using the same PlugX variants and the same C2 infrastructure, RedDelta tried their luck with various phishing lures. In one case, they spoofed a news bulletin from the Union of Catholic Asian News regarding the new national security law that passed in Hong Kong.

In another example, the decoy document concerned matters of Islam linked with the Vatican, with the content being a direct copy of the writings of Franco Ometto. In some cases, the phishing emails were sent through already compromised accounts belonging to Vatican officials, substantially increasing the chances of success.

It has long been established that the Chinese government has a strategic interest in limiting religious freedom in the country. In the case of the Vatican and the Catholic diocese of Hong Kong, this strategic interest becomes even more exigent, as these entities stand for democracy and have expressed anti-Beijing positions in the recent past.

The renewal of the China-Vatican agreement will come this September, so the Chinese are looking to take full control of the Catholic Church, including in Hong Kong. As Cardinal Joseph Zen stated during a recent interview, the Catholics in China are under persecution, underage individuals are not allowed into churches, no new priests are being ordained, and the Church is essentially bound to disappear soon.
