  • Sam

"Chinese Hackers Target Kenya's Government to Gain Insights on Debt: A Cybersecurity Perspective"

Chinese hackers targeted Kenya's government to gain information on its debt to Beijing.

Key Takeaways:

1. Chinese hackers conducted a years-long series of digital intrusions against key Kenyan ministries and state institutions, targeting sensitive information on Kenya's debt owed to China.

2. Kenya's strategic position in China's Belt and Road Initiative makes it a prime target for cyber espionage, highlighting China's willingness to protect its economic and strategic interests abroad.

3. The hacking campaign, attributed to a Chinese state-linked hacking team called BackdoorDiplomacy, lasted for three years and targeted ministries such as defense, finance, and foreign affairs. Kenya's financial strains due to its growing external debt have made it vulnerable to cyber attacks.

According to Reuters, Chinese hackers have launched a series of digital intrusions against key Kenyan ministries and state institutions over several years. The hacks were aimed at obtaining information on Kenya's debt owed to Beijing, as the country plays a crucial role in China's Belt and Road Initiative. The attacks highlight China's willingness to utilize espionage capabilities to safeguard its economic and strategic interests abroad.

The hacking campaign, which lasted for three years, targeted eight of Kenya's ministries and government departments, including the presidential office. Chinese cyber spies infiltrated Kenya's network, accessing sensitive documents related to the finance and foreign affairs departments. The attacks were motivated primarily by the country's debt situation.

Chinese influence in Africa has expanded rapidly, with Kenya being one of the nations burdened by the growing cost of servicing external debt, a significant portion of which is owed to China. Between 2000 and 2020, China provided loans worth nearly $160 billion to African countries, financing large-scale infrastructure projects. Kenya alone utilized over $9 billion in Chinese loans to upgrade its railways, ports, and highways.

The breach, attributed to China, began with a "spearphishing" attack in late 2019. Hackers gained access to Kenya's government network through an infected document downloaded by an unsuspecting employee. The compromised ministries included defense, information, health, land, interior, and others. The affected government departments either did not respond to requests for comment or declined to be interviewed.

While the specific information stolen during the hacks remains unknown, the breaches targeted the National Intelligence Service (NIS) and an email server used by Kenya's intelligence agencies. The motive behind breaching the NIS was possibly to gather insights into Kenya's debt management plans. The country is currently struggling with debt burdens as the income generated from Chinese-financed projects falls short of covering the repayment obligations.

Evidence suggests that a Chinese state-linked hacking team, known as "BackdoorDiplomacy," conducted the attacks on Kenya's intelligence agency. This group has a history of furthering Chinese diplomatic objectives through cyber espionage. Cybersecurity researchers have identified the techniques and tools the group used in other hacking campaigns. Palo Alto Networks, a U.S. cybersecurity firm, confirmed the connection between BackdoorDiplomacy and the NIS hack, stating that the group is sponsored by the Chinese state.

The scale and focus of BackdoorDiplomacy's hacking activities in Kenya are particularly notable since their incursions into the Middle East and Africa have been less common. This suggests that Kenya holds strategic importance for China, warranting intensive cyber espionage efforts.

China has denied any involvement in the Kenyan hacking incidents and emphasized its commitment to cybersecurity. The Chinese embassy in Britain rejected the allegations and stated that China is also a victim of cyber theft and attacks.

Source: Reuters (original article)
