Sign up to save your podcasts
Or
Share Episode 217 - RedDelta and the compromise of the Vatican and the Catholic Diocese of Hong Kong - Interview with Insikt Group, Recorded Future
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 217 - RedDelta and the compromise of the Vatican and the Catholic Diocese of Hong Kong - Interview with Insikt Group, Recorded Future
Interview with the Senior Threat Intelligence Analyst from Insikt Group, Recorded Future into the RedDelta Report (https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf), an analysis of how the Vatican and the Catholic Diocese of Hong Kong were among several Catholic Church-related organizations targeted by RedDelta, a Chinese-state sponsored threat activity group tracked by Insikt Group.
From early May 2020, this series of suspected network intrusions also targeted the Hong Kong Study Mission to China and the Pontifical Institute for Foreign Missions (PIME), Italy. These organizations have not been publicly reported as targets of Chinese threat activity groups prior to this campaign.
These network intrusions occurred ahead of the anticipated September 2020 renewal of the landmark 2018 China-Vatican provisional agreement, a deal which reportedly resulted in the Chinese Communist Party (CCP) gaining more control and oversight over the country’s historically persecuted “underground” Catholic community.
In addition to the Holy See itself, another likely target of the campaign includes the current head of the Hong Kong Study Mission to China, whose predecessor was considered to have played a vital role in the 2018 agreement. The suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal.
The identified RedDelta intrusions feature infrastructure, tooling, and victimology overlap with the threat activity group publicly reported as Mustang Panda (also known as BRONZE PRESIDENT and HoneyMyte). This includes the use of overlapping network infrastructure and similar victimology previously attributed to this group in public reporting, as well as using malware typically used by Mustang Panda, such as PlugX, Poison Ivy, and Cobalt Strike.
This podcast is a report walk through with the lead analyst and covers the background, overview of Catholic Church intrusions, other targeted organizations and the infrastructure analysis. In this campaign, RedDelta favored three primary IP hosting providers, and used multiple C2 servers within the same /24 CIDR ranges across intrusions.
Importantly, we also cover the key network defense recommendations corporations should be applying to deter and prevent such attacks.
Recorded 27 August between Sydney and London in recognition of Recorded Future being Platinum supporter of the Cyber Risk Meetups (https://www.cyberriskmeetup.com) for 2020 - 2021
View all episodes
By MySecurity Media
3.9
1919 ratings
Interview with the Senior Threat Intelligence Analyst from Insikt Group, Recorded Future into the RedDelta Report (https://go.recordedfuture.com/hubfs/reports/cta-2020-0728.pdf), an analysis of how the Vatican and the Catholic Diocese of Hong Kong were among several Catholic Church-related organizations targeted by RedDelta, a Chinese-state sponsored threat activity group tracked by Insikt Group.
From early May 2020, this series of suspected network intrusions also targeted the Hong Kong Study Mission to China and the Pontifical Institute for Foreign Missions (PIME), Italy. These organizations have not been publicly reported as targets of Chinese threat activity groups prior to this campaign.
These network intrusions occurred ahead of the anticipated September 2020 renewal of the landmark 2018 China-Vatican provisional agreement, a deal which reportedly resulted in the Chinese Communist Party (CCP) gaining more control and oversight over the country’s historically persecuted “underground” Catholic community.
In addition to the Holy See itself, another likely target of the campaign includes the current head of the Hong Kong Study Mission to China, whose predecessor was considered to have played a vital role in the 2018 agreement. The suspected intrusion into the Vatican would offer RedDelta insight into the negotiating position of the Holy See ahead of the deal’s September 2020 renewal.
The identified RedDelta intrusions feature infrastructure, tooling, and victimology overlap with the threat activity group publicly reported as Mustang Panda (also known as BRONZE PRESIDENT and HoneyMyte). This includes the use of overlapping network infrastructure and similar victimology previously attributed to this group in public reporting, as well as using malware typically used by Mustang Panda, such as PlugX, Poison Ivy, and Cobalt Strike.
This podcast is a report walk through with the lead analyst and covers the background, overview of Catholic Church intrusions, other targeted organizations and the infrastructure analysis. In this campaign, RedDelta favored three primary IP hosting providers, and used multiple C2 servers within the same /24 CIDR ranges across intrusions.
Importantly, we also cover the key network defense recommendations corporations should be applying to deter and prevent such attacks.
Recorded 27 August between Sydney and London in recognition of Recorded Future being Platinum supporter of the Cyber Risk Meetups (https://www.cyberriskmeetup.com) for 2020 - 2021
More shows like Cyber Security Weekly Podcast
View all
Security Now (Audio)
1,979 Listeners
Risky Business
365 Listeners
Future Tense
73 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Politics Now
104 Listeners
Smashing Security
312 Listeners
Click Here
413 Listeners
Darknet Diaries
7,879 Listeners
Cybersecurity Today
166 Listeners
If You're Listening
313 Listeners
CISO Series Podcast
189 Listeners
Hacking Humans
314 Listeners
A Bit of Optimism
2,186 Listeners
Cyber Security Headlines
127 Listeners
The TED AI Show
46 Listeners