China-Kenya hack: Chinese hackers attacked the Kenyan government due to the growth of the debt burden

Chinese hackers attacked the Kenyan government in a wide-ranging, multi-year series of digital intrusions into key ministries and government agencies, according to three sources, information security research reports and Reuters’ own analysis of technical data related to the hack.

According to two sources, the hack was aimed, at least in part, at obtaining information about the East African country’s debt to Beijing: Kenya is a strategic link in the “One Belt, One Road” initiative, President Xi Jinping’s plan for a global infrastructure network.

“Further compromises may arise as understanding of upcoming repayment strategies becomes necessary,” according to a July 2021 research report written by a defense contractor for private clients.

China’s foreign ministry said it was “not aware” of such cases, while the Chinese embassy in the UK called the allegations “baseless”, adding that Beijing opposes and fights against “cyber attacks and theft in all their forms”.

China’s influence in Africa has grown rapidly over the past two decades. But Kenya, like some African countries, is struggling financially because of the rising cost of servicing external debt, most of which is owed to China.

The hacking campaign demonstrates China’s willingness to use its spying capabilities to monitor and protect economic and strategic interests abroad, the two sources said.


The hacks constitute a three-year campaign targeting eight Kenyan ministries and government departments, including the presidential administration, according to an intelligence analyst in the region. The analyst also shared research documents with Reuters that included a timeline of the attacks, the targets and some technical data regarding the compromise of a server used exclusively by Kenya’s top spy agency. A Kenyan cybersecurity expert described similar hacking activities against the ministries of foreign affairs and finance. All three sources asked not to be named due to the confidential nature of their work.

“Your allegation of hacking attempts by Chinese government entities is not unique,” Kenya’s presidential office said, adding that the government has been subject to “frequent infiltration attempts” by Chinese, American and European hackers.

“To the best of our knowledge, none of the attempts were successful,” the statement said.

The office did not provide more details or answer additional questions.

A spokesman for the Chinese embassy in the UK said China opposes “irresponsible moves that use topics such as cyber security to create discord between China and other developing countries.”

“China attaches great importance to Africa’s debt problem and is actively working to help Africa deal with it,” the spokesman added.

Hacks

According to a comprehensive database of Chinese loans hosted by Boston University, most of which is dedicated to large-scale infrastructure projects.

Kenya has used more than $9 billion in Chinese loans to finance the aggressive construction or modernization of railroads, ports and highways.

Beijing has become the country’s largest bilateral creditor and firmly established itself in East Africa’s most important consumer market and a vital logistics center on Africa’s Indian Ocean coast.

However, by the end of 2019, when, as a Kenyan cybersecurity expert told Reuters, Kenyan authorities brought him in to assess a government network breach, Chinese lending had dried up, and Kenya’s financial difficulties were evident.

The breach, reviewed by a Kenyan cybersecurity expert and attributed to China, began with a “spear phishing” attack at the end of the same year, when a Kenyan government official unknowingly uploaded a contaminated document, allowing hackers to break into the network and gain access to other agencies.

“Many documents were stolen from the Ministry of Foreign Affairs and also from the Finance Department. The attacks seem to have focused on the debt situation,” said a Kenyan cybersecurity expert.

Another source, an intelligence analyst working in the region, said that Chinese hackers launched a massive campaign against Kenya that began in late 2019 and continued until at least 2022.

According to the documents provided by the analyst, Chinese cyber spies subjected the Office of the President of Kenya, the Ministries of Defence, Information, Health, Land and Home Affairs, the Center for Combating Terrorism and other institutions to persistent and sustained hacking activity.

Affected government departments did not respond to requests for comment, declined to be interviewed, or were unavailable.

By 2021, the global economic fallout from the COVID-19 pandemic had already helped push one major Chinese borrower, Zambia, into default on its foreign debt. Kenya managed to get a temporary moratorium on debt repayment from China.

In early July 2021, cybersecurity research reports shared by a regional analyst detailed how hackers secretly gained access to an email server used by the Kenya National Intelligence Service (NIS).

Reuters was able to confirm that the victim’s IP address belonged to NIS. The incident was also covered in a report by a private defense contractor seen by Reuters.

Reuters was unable to determine what information was obtained during the hack, or definitively establish a motive for the attacks. But the defense contractor’s report says the NIS hack may have been aimed at gathering information about how Kenya plans to manage debt repayments.

“Kenya is currently under the pressure of this debt burden… as many projects funded by Chinese loans are not yet generating enough revenue to pay for themselves,” the report says.

A Reuters review of online logs describing Chinese digital espionage activities found that a server controlled by Chinese hackers also accessed the Kenyan government’s shared webmail service more recently, from December 2022 to February of this year.

Chinese officials declined to comment on the recent breach, and Kenyan authorities did not respond to a question about it.

Behind the scenes diplomacy

The defense contractor, pointing to identical tools and methods used in other hacking campaigns, determined that a Chinese state-linked hacking group carried out an attack on the Kenya Intelligence Agency.

The group is known in the cybersecurity research community as “BackdoorDiplomacy” due to its efforts to advance the goals of China’s diplomatic strategy.

According to Slovak cybersecurity company ESET, BackdoorDiplomacy reuses malware against its victims to gain access to their networks, allowing them to track their activities.

US cybersecurity firm Palo Alto Networks, which monitors BackdoorDiplomacy, told Reuters the IP address of the NIS hackers and confirmed its affiliation with the group, adding that its preliminary analysis shows the group is sponsored by the Chinese state.

Cybersecurity researchers have documented BackdoorDiplomacy hacks targeting governments and institutions in a number of Asian and European countries.

The defense contractor’s report says that incursions into the Middle East and Africa appear to be less common, making the focus and scope of its hacking activities in Kenya particularly noteworthy.

“This corner is clearly a priority for the group.”

The Chinese Embassy in the UK denied any involvement in the hacking in Kenya and did not directly respond to questions about the government’s relationship with BackdoorDiplomacy.

“China is a major victim of cyber thefts and attacks and a staunch defender of cyber security,” the spokesman said.