The attack comes as prominent Catholic leaders in Hong Kong have been vocal in support of the pro-democracy protests.

According to technology website ZDNet, a series of spear-phishing attacks have specifically targeted diocesan officials and are linked to the Chinese government.

The attacks came in the form of legitimate-looking documents that install malware on a user's computer.

According to a malware analyst using the pseudonym Arkbird, the malware samples are typically associated with Chinese state groups.

"This virus contained legitimate-looking applications that loaded either a document or news article related to the Catholic Church, but actually installed malware on the user's computer without their knowledge," Arkbird says.

Arkbird says the lure documents, such as communications from Vatican officials or news articles from the Union of Catholic Asian News, load malicious malware on a victim's computer.

On July 1 new "National security law" was introduced in Hong Kong. The law, signed by Catholic Governor, Carrie Lam, is expected to impact on the religious freedom of people in Hong Kong.

Under the new law, anyone convicted of secession, subversion, terrorism or collusion with foreign forces will receive a minimum of 10 years in prison, with the possibility of a life sentence.

The National security law has a broad definition of terrorism and even includes arson and vandalizing public transportation "with an intent to intimidate the Hong Kong government or Chinese government for political purposes."

The administrator of the diocese, Cardinal John Tong Hon supports the new security law saying it will have no effect on religious freedom.

However his predecessor Archbishop Emeritus of Hong Kong, Cardinal Joseph Zen acknowledges the tricky situation Tong Hon is in.

"On the one hand, it will be a lot of trouble if we don't support the government. We never know what they will do to our Church," said Zen.

Zen, however, remains disappointed many in the Church gave support to the law.

Source

• ZDNet
• Catholic News Agency
• Image: CyberTalk.org

Similar attacks have targeted Australia's biggest corporate superannuation fund, TelstraSuper, while a cyber crime syndicate hacked and scrambled the files of Melbourne Heart Group, a cardiology unit based at Cabrini Hospital.

Toyota Australia was also the target of a cyber attack, with employees locked out of their emails for days.

The cyber attack on the Melbourne Archdiocese occurred last November when hackers infiltrated the church's IT system using "ransomware". This type of attack can threaten to publish the victim's data or block access to it unless money is paid.

"We have not engaged with the ransomware issuer and obviously no ransom has been paid," an Archdiocese spokesman said.

The Archdiocese has more than 200 church parishes, 331 schools and 10 Catholic hospitals.

The impact was confined to the church's internal IT system and did not affect sensitive data relating to the schools overseen by the church's education arm which runs on a separate network.

An Archdiocese spokesman says the church has been able to "isolate its impact" and progressively restore services.

TelstraSuper says it is prepared for cyber attacks. Over the years there have been a number of attempts to breach its computer systems a spokesperson for the superannuation company says.

The spokesperson confirmed TelstraSuper has never paid a ransom and has security systems that "proactively monitor threats" to the data of its 95,000 members.

Source

• The Sydney Morning Herald
• Financial Express.comImage: