Chinese hackers, RedDelta, may have infiltrated Vatican ahead of talks


The Hill reported that the spear-phishing campaign used tactics mirroring those of other Chinese state-backed hacking operations. However, new techniques and code seen in the attacks made it impossible to attribute the campaign to RedDelta with complete certainty.

One attack during the campaign was hidden in a fake letter from the Vatican to a Hong Kong chaplain, built on a convincing replica of the official stationery of Archbishop Edgar Peña Parra.

In an interview with ZDNet, a cybersecurity specialist who goes by the name Arkbird said he discovered malware samples uploaded to VirusTotal, a service that scans submitted files with many antivirus engines and shares the results.

The samples were uploaded as ZIP or RAR archives. Each archive contains a legitimate program such as Adobe Reader or Microsoft Word; when the victim runs it, the application opens a lure document such as the fake communications from Vatican officials.

Arkbird also said that the legitimate program, while displaying the lure document, sideloads a malicious DLL shipped in the same archive, and that DLL installs the malware on the victim's computer.
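The archive layout described above (a signed, legitimate executable, a lure document and a DLL sitting in the same directory) is itself a detectable pattern. The following is an added example, not code from ZDNet, Arkbird or the RedDelta analysis: it builds a constructed ZIP that mimics that layout and scans it for any directory holding both a PE executable and a PE DLL. The file names, the DLL name and the list of commonly hijacked system DLL names are illustrative assumptions, not the actual campaign artifacts; RAR archives would need a third-party reader and are not handled here.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Illustrative set of DLL names frequently chosen for search-order hijacking
# because the loading application looks for them in its own directory first.
# Assumption for this example, not a list taken from the campaign.
COMMON_SIDELOAD_NAMES = {"version.dll", "dwmapi.dll", "msimg32.dll", "winmm.dll"}

LURE_EXT = {".pdf", ".doc", ".docx", ".rtf"}


def build_sample_archive(include_dll: bool = True) -> bytes:
    """Constructed sample archive shaped like the lure bundles described in the article.

    With include_dll=False it produces a benign archive (lure document only) so the
    scanner's negative case can be exercised as well.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Minimal fake PE header: "MZ" magic followed by padding. Not a real binary.
        fake_pe = b"MZ" + b"\x00" * 62
        zf.writestr("Vatican_Letter/Letter_Pena_Parra.pdf", b"%PDF-1.7 constructed lure")
        zf.writestr("Vatican_Letter/README.txt", b"Open the letter to read it.")
        if include_dll:
            zf.writestr("Vatican_Letter/AcroRd32.exe", fake_pe)   # assumed legit loader name
            zf.writestr("Vatican_Letter/version.dll", fake_pe)    # assumed sideloaded DLL name
    return buf.getvalue()


def find_sideload_candidates(zip_bytes: bytes) -> list:
    """Return one finding per archive directory that contains an EXE and a DLL together.

    Each finding records the executable(s), DLL(s), any lure documents in that
    directory, and whether a DLL name matches a commonly hijacked system DLL.
    Extensions alone are not trusted: the first two bytes are read and must be
    the "MZ" PE magic for a file to count as an executable or DLL.
    """
    by_dir = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename)
            with zf.open(info) as fh:
                magic = fh.read(2)
            by_dir.setdefault(str(path.parent), []).append(
                (path.name, path.suffix.lower(), magic == b"MZ")
            )

    findings = []
    for directory, entries in sorted(by_dir.items()):
        exes = [n for n, ext, is_pe in entries if ext == ".exe" and is_pe]
        dlls = [n for n, ext, is_pe in entries if ext == ".dll" and is_pe]
        lures = [n for n, ext, _ in entries if ext in LURE_EXT]
        if exes and dlls:
            findings.append({
                "dir": directory,
                "exe": sorted(exes),
                "dll": sorted(dlls),
                "lure": sorted(lures),
                "dll_mimics_system_name": any(d.lower() in COMMON_SIDELOAD_NAMES for d in dlls),
            })
    return findings


if __name__ == "__main__":
    for finding in find_sideload_candidates(build_sample_archive()):
        print(finding)
```

A hit here is only a triage signal: legitimate software bundles also ship an EXE next to its DLLs. What makes this pattern suspicious in a phishing context is the combination with a lure document and a DLL whose name matches a Windows system library, which is why both are reported in the finding rather than folded into a single verdict.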

DLL sideloading of this kind is a staple of CCP-backed hacking groups, according to an American malware analyst who also spoke with ZDNet.