Chinese hackers attacked Kenyan government as debt strains grew

Reuters

Chinese hackers targeted Kenya’s government in a widespread, yearslong series of digital intrusions against key ministries and state institutions, according to sources, cybersecurity research reports and an analysis of technical data.

Two sources assessed the hacks to be aimed, at least in part, at gaining information on debt owed to Beijing by the East African nation: Kenya is a strategic link in the One Belt, One Road scheme — Chinese Communist Party General Secretary Xi Jinping’s signature policy for a global infrastructure network.

“Further compromises may occur as the requirement for understanding upcoming repayment strategies becomes needed,” a defense contractor wrote in a July 2021 research report.

The People’s Republic of China’s (PRC) foreign ministry said it was unaware of any such hacking.

Beijing’s influence in Africa has grown rapidly over the past two decades. But, like several other African nations, Kenya’s finances are strained by the growing cost of servicing external debt, much of it owed to the PRC.

The hacking campaign demonstrates Beijing’s willingness to leverage its espionage capabilities to monitor and protect economic and strategic interests abroad, sources said.

The hacks constitute a three-year campaign that targeted eight of Kenya’s ministries and government departments, including the presidential office, according to an intelligence analyst. The analyst provided research documents that included the timeline and targets of attacks, and provided data relating to the compromise of a server used exclusively by Kenya’s main spy agency.

A Kenyan cybersecurity expert described similar hacking of the nation’s foreign and finance ministries. All three sources asked not to be named because of the sensitive nature of their work.

The “allegation of hacking attempts by Chinese government entities is not unique,” Kenya’s presidential office said, adding the government had been targeted by “frequent infiltration attempts” from Chinese and other hackers.

“As far as we are concerned, none of the attempts were successful,” it said.

Between 2000 and 2020, the PRC committed nearly $160 billion in loans to African countries, according to a database hosted by Boston University, much of it for large-scale infrastructure projects.

Kenya used over $9 billion in Chinese loans for its plan to build or upgrade railways, ports and highways.

Beijing became the country’s largest bilateral creditor and gained a foothold in the most important East African consumer market and a vital logistical hub on Africa’s Indian Ocean coast.

By late 2019, however, Chinese lending was drying up, and Kenya’s financial strains were showing.

The Kenyan cybersecurity expert said he was asked by authorities at that time to review a breach of a governmentwide network. Attributed to the PRC, the hack began with a “spearphishing” attack when a Kenyan government employee unknowingly downloaded an infected document, allowing hackers to infiltrate the network and access other agencies.

“A lot of documents from the Ministry of Foreign Affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation,” the cybersecurity expert said.

The intelligence analyst said Chinese hackers carried out a far-reaching campaign against Kenya from late 2019 to at least 2022.

According to documents provided by the analyst, Chinese cyber spies targeted the office of Kenya’s president, its defense, information, health, land and interior ministries, its counterterrorism center and other institutions with persistent and prolonged hacking.

By 2021, global economic fallout from the COVID-19 pandemic had helped push one major Chinese borrower, Zambia, to default on its external debt. Kenya, meanwhile, secured a debt repayment moratorium from Beijing.

In July 2021, according to cybersecurity research reports provided by the intelligence analyst, hackers secretly accessed an email server used by Kenya’s National Intelligence Service (NIS).

Internet logs showed that a server controlled by the Chinese hackers also accessed a shared Kenyan government webmail service from December 2022 to February 2023.

Chinese officials declined to comment on the recent breach.
