The firm's Insikt Group said the suspected network intrusions also hit the Hong Kong Study Mission to China and the Pontifical Institute for Foreign Missions in Italy.
The break-ins were related to the expected September 2020 renewal of a 2018 China-Vatican deal that allowed the Chinese Communist Party to get more control and oversight over its Catholic community.
Recorded Future said the predecessor of the Hong Kong Study Mission to China had played a role in negotiating the 2018 agreement.
China has had a troubled relationship with the Vatican, Recorded Future claimed, particularly with its governing body, the Holy See.
The company described RedDelta as a "highly active threat activity group targeting entities relevant to Chinese strategic interests".
"Despite the group’s consistent use of well-known tools such as PlugX and Cobalt Strike, infrastructure re-use, and operations security failures, these intrusions indicate RedDelta is still being tasked to satisfy intelligence requirements," Recorded Future said.
"In particular, this campaign demonstrates a clear objective to target religious bodies, and therefore we feel this is particularly pertinent for religious and non-governmental organisations to take note and invest in network defences to counter the threat posed by Chinese state-sponsored threat activity groups."