Security

Chinese Hackers “RedDelta” Are Targeting the Vatican and Its Organizations

By Bill Toulas / July 29, 2020

A state-sponsored group of Chinese hackers named “RedDelta” are going after the Vatican and Catholic organizations in Hong Kong and mainland China, in a weird case of cyber-espionage. These activities have been recorded by the Insikt Group, who has compiled a detailed report on the RedDelta campaign.

Reportedly, the Vatican has been a target for the Chinese hackers since early May 2020, suffering network intrusions that went mostly undetected. The researchers believe that the hackers’ motive is to gain insight on the Catholic community in Hong Kong and the negotiating position of the Vatican concerning the renewal of the 2018 China-Vatican provisional agreement.

reddelta-targets-catholic-organizations-1-1

Source: Recorded Future

“RedDelta” features some overlapping elements with “Mustang Panda,” another state-supported group of hackers who engage in cyber-espionage operations. Still, the former maintain their own distinct set of DLL side-loaders and encrypted communication systems, so they deserve an individual attribution.

Insikt has identified the deployment of tools like “Poison Ivy” and “Cobalt Strike,” and they have recorded a large number of PlugX C2 servers communicating with Vatican hosts between May 2020 and July 2020. The lure used for the deliverance of the PlugX payload is a letter arriving via a phishing email.

reddelta-targets-catholic-organizations-1-3

Source: Recorded Future

Using the same PlugX variants and the same C2 infrastructure, RedDelta tried their luck with various phishing lures. In one case, they spoofed a news bulletin from the Union of Catholic Asian News regarding the new national security law that passed in Hong Kong.

Related: Hong Kong’s New National Security Law Explained – The Internet Is Changing Drastically in Hong Kong

In another example, the decoy document concerned matters of Islam linked with the Vatican, with the content being a direct copy of the writings of Franco Ometto. In some cases, the phishing emails were sent through already compromised accounts belonging to Vatican officials, substantially increasing success chances.

It has been long established that the Chinese government has a strategic interest in limiting religious freedom in the country. In the case of the Vatican and the Catholic diocese of Hong Kong, this strategic interest becomes even more exigent, as these entities stand for democracy and have expressed anti-Beijing positions in the recent past.

The renewal of the China-Vatican agreement will come this September, so the Chinese are looking to take full control of the Catholic Church, including in Hong Kong. As the Cardinal Joseph Zen stated during a recent interview, the Catholics in China are under persecution, underage individuals are not allowed into churches, no new priests are being ordained, and the Church is essentially bound to disappear soon.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: