China hacks Kenyan Government over loans

24, May 2023 / 4 min read/ By Livenow Africa

NAIROBI, May 24 - In a recently uncovered cyber espionage campaign, Chinese hackers have been found to have targeted Kenya's government, infiltrating key ministries and state institutions over several years, according to multiple sources, cybersecurity research reports, and analysis by Reuters.

Sources indicate that the hacks were partially aimed at obtaining information on Kenya's debt owed to Beijing. Kenya's strategic position as a vital link in China's Belt and Road Initiative, President Xi Jinping's global infrastructure network, makes it a target of interest for gaining insight into repayment strategies.

A research report from July 2021, commissioned by a defense contractor for private clients, stated that further compromises may occur as understanding upcoming repayment strategies becomes necessary.

China's foreign ministry denied knowledge of any such hacking, with the Chinese embassy in Britain dismissing the accusations as baseless and asserting that China opposes all forms of cyberattacks and theft.

China's influence in Africa has significantly grown over the past two decades, and Kenya's finances, like those of many African nations, have been strained by the increasing costs of servicing external debt, much of it owed to China.

The hacking campaign reveals China's readiness to exploit its espionage capabilities in safeguarding its economic and strategic interests abroad, as mentioned by sources.

The extensive three-year campaign targeted eight of Kenya's ministries and government departments, including the presidential office, as outlined by an intelligence analyst in the region. The analyst shared research documents with Reuters, which included attack timelines, targets, and technical data related to the compromise of a server used exclusively by Kenya's main intelligence agency.

A Kenyan cybersecurity expert reported similar hacking incidents against the foreign and finance ministries, emphasizing the focus on the debt situation. The sources preferred to remain anonymous due to the sensitive nature of their work.

Kenya's presidential office responded to the allegations, stating that hacking attempts from Chinese, American, and European hackers were not unique, and while frequent infiltration attempts occurred, none were successful. No further details or responses to follow-up questions were provided.

In response, the Chinese embassy in Britain stated that China opposes using cybersecurity as a means to disrupt relations between China and other developing countries and underscored China's commitment to Africa's debt issue.

Between 2000 and 2020, China provided nearly $160 billion in loans to African countries, with Kenya utilizing over $9 billion for large-scale infrastructure projects. As the largest bilateral creditor to Kenya, China gained a significant foothold in the country, which serves as a vital logistical hub on Africa's Indian Ocean coast.

By late 2019, Chinese lending to Kenya began to dwindle, coinciding with financial strains experienced by the country. A breach, attributed to China, occurred when a government employee unknowingly downloaded an infected document through a spearphishing attack. Subsequently, the hackers gained access to the network and infiltrated other agencies, targeting documents relating to the debt situation.

According to documents provided by the intelligence analyst, the Chinese hackers conducted a pervasive campaign against Kenya, targeting the president's office, defense, information, health, land, interior ministries, and other institutions. The affected government departments either did not respond, declined comment, or could not be reached.

While the motive for the attacks and the information obtained remains unclear, a defense contractor's report indicated that the breach of Kenya's National Intelligence Service (NIS) aimed to gather insights into Kenya's debt management plans. Kenya's financial pressure resulting from Chinese loans was highlighted, as many projects financed by those loans were not generating sufficient income to cover their costs.

In addition to the NIS breach, internet logs reviewed by Reuters revealed that a server controlled by the Chinese hackers accessed a shared Kenyan government webmail service from December 2022 to February 2023. Chinese officials declined to comment on this recent breach, and the Kenyan authorities did not respond to inquiries about it.

Cybersecurity researchers have linked the hacking group responsible for these attacks to the Chinese state. Known as "BackdoorDiplomacy" within the cybersecurity research community, this group is identified by its reuse of malicious software to gain access to victims' networks and track their activities. Slovak-based cybersecurity firm ESET corroborated the group's involvement, while Palo Alto Networks, a U.S. cybersecurity firm, confirmed its association with the Chinese state.

China's embassy in Britain denied involvement in the Kenya hacks and stated that China is a victim of cyber theft and attacks while remaining a staunch defender of cybersecurity.

Reporting by Aaron Ross in Nairobi, James Pearson in London, and Christopher Bing in Washington, with additional reporting by Eduardo Baptista in Beijing. Edited by Chris Sanders and Joe Bavier.

Tags