China officially recognizes five religions, including Catholicism, but the authorities often suspect religious groups and worshipers of undermining the control of the Communist Party and the state, and of threatening the country’s national security.
Chinese hackers and state authorities have often used cyberattacks to try to gather information on groups of Buddhist Tibetans, Muslim Uighurs and Falun Gong practitioners outside China. But this appears to be the first time that hackers, presumed by cybersecurity experts at Recorded Future to be working for the Chinese state, have been publicly caught directly hacking into the Vatican and the Holy See’s Study Mission to China, the Hong Kong-based group of de facto Vatican representatives who have played a role in negotiating the Catholic Church’s status. The Vatican and Beijing are expected to start talks in September over control of the appointment of bishops and the status of houses of worship as part of a renewal of a provisional agreement signed in 2018 that revised the terms of the Catholic Church’s operations in China.
One of the attacks, which began in early May, was hidden inside a document that appeared to be a legitimate letter from the Vatican to Msgr. Javier Corona Herrera, the chaplain who heads the study mission in Hong Kong,” reports The New York Times.
“It was an artful deception: an electronic file that looked as if it was on the official stationery of Archbishop Edgar Pena Parra. The letter carried a message from Cardinal Pietro Parolin, the Vatican’s secretary of state, the pope’s second in command and an old China hand who has defended the deal. In his message, Cardinal Parolin expressed the pope’s sadness about the death of a bishop. It is unclear whether the letter was fabricated or a real document that the attackers had obtained and then linked to malware that gave them access to the computers of the Hong Kong church offices and the Vatican’s mail servers. Recorded Future concluded that the attack was most likely connected to negotiations over the extension of the 2018 agreement.”