Chinese Hackers Targeted Kenyan Government Over Several Years To Acquire Debt-Related Data: Report

Chinese hackers have allegedly conducted a series of cyber intrusions targeting key ministries and state institutions within the Kenyan government over a span of several years, according to confidential sources, cybersecurity research reports, and independent analysis of technical data associated with the attacks, Reuters reports. The motive behind these hacks, as assessed by two sources, appears to be acquiring information related to the debt owed by Kenya to Beijing. As a strategic component of President Xi Jinping's Belt and Road Initiative — a global infrastructure network — Kenya's role is of great interest to China.

A research report commissioned by a defence contractor and shared with private clients in July 2021 suggested that the hacking attempts were aimed at gaining insights into upcoming repayment strategies. It also warned that further compromises might occur to meet this objective.

The Chinese Foreign Ministry stated that it was not aware of any such hacking activities, while the Chinese embassy in Britain dismissed the allegations as baseless, reiterating China's opposition to all forms of cyberattacks and theft.

ALSO READ: China Scamster Uses AI Face-Swap Tech To Dupe Victim Out of $622,000

China's influence in Africa has significantly increased over the past two decades. However, like many other African countries, Kenya is grappling with the financial burden of servicing its external debt, a substantial portion of which is owed to China.

The hacking campaign underscores China's willingness to leverage its espionage capabilities in safeguarding its economic and strategic interests overseas, as indicated by two sources.

The campaign spanned three years and targeted eight ministries and government departments, including the presidential office, according to an intelligence analyst in the region. This claim was supported by research documents shared with Reuters, which included attack timelines, targets, and certain technical data regarding the compromise of a server exclusively used by Kenya's main intelligence agency.

A Kenyan cybersecurity expert confirmed similar hacking activities against the foreign and finance ministries. All three sources requested anonymity due to the sensitive nature of their work.

The Kenyan presidential office responded to the allegations, acknowledging the frequency of infiltration attempts by Chinese, American, and European hackers but stating that none of these attempts were successful. The office did not provide additional details or respond to follow-up questions.

In response to the accusations, a spokesperson for the Chinese embassy in Britain emphasized that China opposes any irresponsible actions aimed at sowing discord in its relations with other developing countries. They also highlighted China's commitment to addressing Africa's debt issue.

Chinese lending to African countries, including Kenya, amounted to nearly $160 billion between 2000 and 2020, primarily for large-scale infrastructure projects. Kenya utilized over $9 billion of Chinese loans to fund extensive development initiatives such as railways, ports, and highways.

By late 2019, Chinese lending to Kenya had decreased significantly, coinciding with Kenya's financial challenges. During this period, a Kenyan cybersecurity expert was brought in to assess a government-wide network breach.

The breach, attributed to China and starting with a spearphishing attack, occurred when a government employee unknowingly downloaded a compromised document, allowing hackers to infiltrate the network and gain access to other agencies. Documents related to the Ministry of Foreign Affairs and the Finance Department were among those stolen, with the attacks appearing to focus on Kenya's debt situation, according to the Kenyan cybersecurity expert.

The intelligence analyst working in the region also confirmed that Chinese hackers conducted a wide-ranging campaign against Kenya, which began in late 2019 and continued until at least 2022. The targeted entities included the president's office, ministries of defence, information, health, land, interior, and the counter-terrorism centre, among others. Reuters' attempts to reach these government departments for comment were unsuccessful.

The motive for the attacks and the extent of the information compromised could not be conclusively determined. However, the defence contractor's report suggested that the breach of Kenya's National Intelligence Service (NIS) might have been aimed at gathering information about the country's debt management plans.