China Suspected of Hacking the Vatican Ahead of Negotiations

Researchers said that the network intrusions took place ahead of talks to renew a “provisional agreement” between the Holy See and China, which was sealed in 2018 and expires in September.

Pope Francis waves at pilgrims from China at his general audience in St. Peter's Square on Sept. 7, 2016.
Pope Francis waves at pilgrims from China at his general audience in St. Peter's Square on Sept. 7, 2016. (photo: Daniel Ibanez/EWTN)

VATICAN CITY — State-sponsored hackers have reportedly targeted Vatican computer networks in an attempt to give China an advantage in negotiations to renew a provisional deal with the Holy See.  

A report, released July 28, said that hackers may have used a counterfeit condolence message from Cardinal Pietro Parolin, the Vatican Secretary of State, to gain access to Vatican communications. 

The report was compiled by the Insikt Group, the research arm of the U.S.-based cybersecurity company Recorded Future. Researchers said they had uncovered “a cyberespionage campaign attributed to a suspected Chinese state-sponsored threat activity group,” which they referred to as RedDelta.

Investigators said that RedDelta had targeted the Vatican and the Catholic Diocese of Hong Kong from early May. 

Other Catholic targets included the Hong Kong Study Mission to China and the Pontifical Institute for Foreign Missions (PIME) in Italy. The report noted that these organizations “have not been publicly reported as targets of Chinese threat activity groups prior to this campaign.” 

Researchers said that the network intrusions took place ahead of talks to renew a “provisional agreement” between the Holy See and China, which was sealed in 2018 and expires in September.

“The suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal. The targeting of the Hong Kong Study Mission and its Catholic Diocese could also provide a valuable intelligence source for both monitoring the diocese’s relations with the Vatican and its position on Hong Kong’s pro-democracy movement amidst widespread protests and the recent sweeping Hong Kong national security law,” the report concluded.

Earlier this month ZDNet reported that the Diocese of Hong Kong was targeted by “spearphishing” operations from the Chinese government.

The technology publication said that hackers associated with the Chinese authorities repeatedly attacked officials with the Diocese of Hong Kong with legitimate-looking documents that actually install malware on the user’s computer.

The Insikt Group noted that ZDNet had highlighted a condolence message, purportedly written by Parolin and dated May 14, which hackers used as a “lure document.” 

It said: “The document purported to be an official Vatican letter addressed to the current head of the Hong Kong Study Mission to China. It is currently unclear whether the actors created the document themselves, or whether it is a legitimate document they were able to obtain and weaponize.” 

“Given that the letter was directly addressed to this individual, it is likely that he was the target of a spearphishing attempt. Additionally, as this sample was compiled after signs of an intrusion within the Vatican network, it is also possible that the phishing lure was sent through a compromised Vatican account.”

Cardinal Parolin and the Secretariat of State did not respond to CNA’s request for comment.