Chinese hackers infiltrated the Vatican’s computer networks in the past three months, a private monitoring group has concluded, in an apparent espionage effort before the beginning of sensitive negotiations with Beijing. The attack was detected by Recorded Future, a firm based in Somerville, Mass. The Chinese Communist Party has been waging a broad campaign to tighten its grip on religious groups, in what government leaders have periodically referred to as an effort to “Sinicize religions” in the country.
More information: https://www.
There are three certainties in life, death, taxes and Beijing\’s repeated denials of having any involvement in cyber espionage. The communist government can then claim plausible deniability and blame some third party that they likely hired to do their dirty work. Interestingly, the U.S. government learned years ago of China\’s subterfuge when the U.S. and China agreed to stop hacking into each other\’s government networks only to learn China actually increased its efforts to steal top secret info from government networks and contractors sites.
This latest news is just another episode of Fantasy Island for China. Deny, deny, deny so much that you look blue in the face. As for the Vatican or any public or private entity, there is another certainty and that is repeated attempts to steal your proprietary information by a nation-state or rogue hacking group. Reducing risk should be paramount to any organisation and one of the ways security analysts can see more deeply into a network is through threat hunting and around the clock monitoring of all inbound and outbound network traffic. Having that extra set of eyes reduces the likelihood that a hacker or group can set up shop in a network over a period of weeks, months or years when a lot of collateral damage could occur.
It appears that the Vatican data breach was due to social engineering, using an electronic document that appeared to originate from a Vatican official. I believe we can expect more attacks like these originating from Chinese hackers financed by the state. We may see attacks like this on other governments before scheduled negotiations or discussions, as the Chinese government looks to gain an \”unfair advantage\” in negotiations or talks.
Any country negotiating with China should expect phishing and cyberattacks ahead of in-person meetings. Cyber espionage seems to have become part of China\’s due diligence process. It\’s a relatively low-risk tactic for China, which can just deny allegations if it gets caught and blame the attack on rogue hackers.