(CNN) - When you think about cyber espionage, the Vatican doesn't come to mind as an obvious target. It is a small country whose leader has more moral authority than worldly power.
But China and the Vatican are expected to begin delicate negotiations in September to renew a secret agreement on the control of the Catholic Church in China. Chinese leaders may have been looking for an advantage: insight into how the Holy See planned to get closer to the negotiating table, according to a report released Tuesday by Recorded Future, a threat intelligence firm.
The names of the suspicious groups, such as Mustang Panda and RedDelta, recall the world of the cloak and dagger of the medieval Catholic Church, when the pope sent powerful envoys to royal courts around the world. But the report is less Dan Brown-like than careful data analysis. He accuses China of using malicious software to enter the Vatican's internal networks.
"Our investigation uncovered an alleged Chinese state-sponsored campaign targeting multiple high-profile entities associated with the Catholic Church before the likely renewal of the interim agreement between China and the Vatican in September 2020," Recorded Future analysts wrote in a report released Tuesday.
Targeting the Vatican, the report continued, was part of China's ongoing plan to take control of the country's underground Catholic Church, whose leaders are not approved by the Chinese Patriotic Association.
The state of those churches and questions about who has the power to appoint bishops are at the heart of the negotiations between China and the Vatican. China also closely monitors the church's stance on pro-democracy protests in Hong Kong, according to the report.
A Vatican spokesman declined to comment. The Chinese Foreign Ministry did not immediately respond to a request for comment, but The New York Times , which first reported the story, said a Chinese official denied the report and called the allegations "unfounded speculation."
READ : Two Canadians detained in China are officially accused of espionage
China is cracking down on religious groups
The revelations of China's suspected hacking come as the country has been accused of rampant human rights abuses against religious minorities, including Muslim Uighurs, Tibetan Buddhists, and Christians.
"State-sponsored repression against all religions continues to intensify," United States Secretary of State Mike Pompeo said in June when the State Department released its report on the state of religious freedom in countries across the world. world.
"Mass arrests of Uighurs continue in Xinjiang. So does the repression of Tibetans and Buddhists and Falun Gong and Christians, "said Pompeo.
LOOK : China says Muslim Uighurs are in re-education centers
How detectives noticed suspected hackers
A research group within Recorded Future closely monitors online "threat actors", including state-sponsored hackers in China, a company analyst said. The analyst asked not to be identified because of the sensitivity of the allegations.
"This type of behavior by China is common and has been in recent years," said the analyst.
The hackers' methods were not particularly sophisticated, one included a common spear phishing tactic, but they are effective, according to the analyst. A "decoy" was a letter of condolence from Cardinal Pietro Parolin, Vatican secretary of state, addressed to a Hong Kong church leader, a key participant in the upcoming negotiations. When you open it, the letter infects the computer.
"It is currently unclear whether the actors created the document themselves, or whether it is a legitimate document that they were able to obtain and use as a weapon," the report said.
Another suspected hacker had the RedDelta malware brands, a "threat activity group" sponsored by the Chinese state, according to the report.
The Recorded Future analyst said the Vatican was informed of the hack, which started in May, according to the report.
Cyber espionage
