ROME—The offices that house the Vatican’s computer network system were one of the few allowed to stay minimally staffed during the pandemic to ensure that God's work—as it were—continued unfettered.
But in early May, weeks before Italy and the Vatican emerged from a draconian COVID-19 lockdown, a series of cyber intrusions reportedly took place, masterminded by Chinese hackers keen on eavesdropping on the Pope's plans for the controversial Catholic Church in China, according to the cybersecurity firm Recorded Future and reported in The New York Times.
One of the hacks used a fairly standard Trojan malware called PlugX Payload, which was woven into the coding on a cable sent from the office of the Vatican's secretary of state to Monsignor Javier Corona Herrera in Hong Kong. The letter expressed condolences from the pope over the death of a bishop, fairly standard practice in an institution built on rituals and traditions.
But when the office in Hong Kong opened the cable, it unleashed the malware.
The breach into the Vatican system allowed the deviants to then access the receiving computer network—in the case of the condolence letter, the Catholic Church’s China Study Mission in Hong Kong. By sending what looked like a legitimate cable from behind the Vatican's secure firewall, the hackers could be sure the entity opening it would do so without suspicion, and unwittingly grant access. The act is called spear phishing which, unlike regular phishing, is highly targeted. The Diocese of Hong Kong was also targeted and the Pontifical Institute for Foreign Missions in Milan was also singled out.
Recorded Future’s report states that additional hacks were found using the same malware. “The first sample included a lure document spoofing a news bulletin from the Union of Catholic Asian News regarding the impending introduction of the new Hong Kong national security law,” the report states. Another hack refers to the Vatican and uses a document called, “QUM, IL VATICANO DELL’ISLAM.doc” as the decoy. The document refers to the Shi’ite city of Qom and includes writings from an Italian Catholic academic living in Iran. “Although the direct target of these two lures are unclear, both relate to the Catholic church,” Recorded Future states in the report.
A source who worked in the Vatican's security office before being furloughed over the pandemic told The Daily Beast that one of the biggest fears the Vatican had was exactly what happened: being hacked by Chinese government operatives looking to derail important talks set for September intended to bolster the tenuous relationship between the Vatican and the Chinese Catholic Church.
In 2018, Pope Francis broke a 60-year-stalemate between the Roman Catholic Church and the Chinese Catholic Church that grew from an attempt in 1960 for Beijing to set up its own Holy See, and shut the real one out. The Chinese Holy See was called the Catholic Patriotic Association and instead of accepting bishops chosen by Rome, as in nearly every other diocese in the world, they chose their own political appointees. During those 60 years, Chinese Catholics were only allowed to worship openly if they adhered to the Chinese Church's rules, which spawned an underground Catholic Church that instead followed Rome's orders. Those bishops have now been sidelined as part of the 2018 deal.
The conflict is far from over, but the 2018 agreement between Beijing and Rome, which has never been published but is hailed as landmark, was set to be renewed and expanded next month. The most contentious aspects of the ongoing negotiations were being discussed between Rome and Hong Kong separately, so they could strategize about how to deal with China's insistence that they still choose politically appointed bishops and give the pope the opportunity to "bless" them but not remove or replace them.
Those preparatory meetings between Rome and Hong Kong would have normally taken place in person to avoid exactly what happened but thanks to the pandemic, many exist in the form of secret cables.
The Vatican has made no public statement on the matter, but an official told the Catholic website Asia News, “To say that China spies on the Vatican is like discovering hot water. By now espionage and hackers have become an international problem we have to live with.”
What happens next is worrying for the Vatican. The hack, now discovered, will likely stop here. But that might also mean the same thing happens to this crucial step forward for Chinese Catholics.