Proofpoint researchers have observed a resumption of activity by the APT threat actor TA416, otherwise know as Red Delta.
The latest activity appears to be a continuation of previously reported campaigns that have targeted entities associated with diplomatic relations between the Vatican and the Chinese Communist Party (CPC).
The resumption of phishing activity by TA416 included a continued use of social engineering lures referencing the provisional agreement recently renewed between the Vatican Holy See and the Chinese Communist Party “CCP”. Additionally, spoofed email header from fields were observed that appear to imitate journalists from the Union of Catholic Asia News.
Episode 217 – RedDelta and the compromise of the Vatican and the Catholic Diocese of Hong Kong – Interview with Insikt Group, Recorded Future