A wave of Chinese hackers targeted the Kenyan government in a cyber-espionage campaign that lasted for three years, beginning after Kenya took out gigantic loans from Chinese banks to finance Belt and Road Initiative (BRI) infrastructure projects, Reuters reported Wednesday.
One of the sources Reuters cited was a 2021 report from a defense contracting firm that fairly explicitly accused China of spying on Kenya because Beijing was worried about the payments on $160 billion in BRI loans.
EXCLUSIVE: Chinese cyber spies targeted Kenya’s government in a years-long series of digital intrusions against key ministries and state institutions, including its presidential office and an email server used by Kenya’s main intelligence agency. (1/7) https://t.co/TtUeF8FZ6x
— James Pearson (@pearswick) May 24, 2023
“Further compromises may occur as the requirement for understanding upcoming repayment strategies becomes needed,” the contractor predicted.
Other sources told Reuters the Chinese hackers seemed interested in “gaining information on debt owed to Beijing by the East African nation,” although they engaged in other cyberespionage activities as well. Targets included the Kenyan presidential office, the ministries of defense, information, health, and the interior, and Kenya’s counter-terrorism center.
The hacking campaign ramped up significantly in 2019 as Kenya’s economy declined, those expensive BRI projects failed to generate the revenue they promised, and China grew nervous about loaning Kenya more money. Kenya ultimately secured a temporary pause on debt repayment from its Chinese creditors to get through the pandemic.
The cyberespionage campaign apparently began with a “spear phishing” attack in late 2019, a fake email that tricked a Kenyan government employee into downloading malware that opened secret doors into the system. The last known activity involved Chinese hackers accessing a Kenyan government webmail service in December 2022.
“A lot of documents from the ministry of foreign affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation,” a Kenyan cybersecurity expert told Reuters.
Cybersecurity analysts said the campaign looked like the work of BackdoorDiplomacy, a threat group believed to be sponsored by the Chinese government. Several security firms said the techniques and specific malware packages used against Kenya were standard BackdoorDiplomacy tools. Some analysts noted that this particular threat group is rarely active in Africa, so the campaign against Kenya was likely a high-priority special project.
Reuters said the targeted Kenyan ministries “did not respond to requests for comment, declined to be interviewed or were unreachable.” The Kenyan presidential office did respond, but only to minimize the story by saying it faces “frequent infiltration attempts” from hackers all over the world.
“As far as we are concerned, none of the attempts were successful,” the presidential office said.
The Chinese embassy in Kenya angrily dismissed the Reuters report as “groundless, far-fetched, and sheer nonsense” on Wednesday.
As usual when Chinese state-sponsored hackers make headlines, the Chinese embassy claimed China is the biggest victim of cyberattacks in the world, and would never sponsor such activity against others.
“Moreover, it is a highly sensitive political issue to pin the label of cyber attack to a certain government without solid evidence. The relevant media should adopt a professional and responsible attitude and underscore the importance to have enough evidence when conducting reports, rather than make groundless assumptions and accusations,” the embassy huffed.
A spokesman for the Chinese embassy insisted “China and Kenya are good friends, good partners, and good brothers,” with a 60-year history of solid diplomatic relations.
“Whether the cooperation between China and Kenya is good or not, the people of the two countries have the most say. Any attempt to sow discord between China and Kenya is doomed to failure and will only disgrace oneself,” the spokesman railed.
Fortune magazine noted last week that China has begun calling in massive loans to Kenya and other developing nations, siphoning off “an ever-greater amount of the tax revenue needed to keep schools open, provide electricity, and pay for food and fuel.”
China is also bleeding away the foreign currency reserves BRI client states like Kenya need to pay the interest on their loans, pushing some of them to the edge of default – or over the edge, in the cases of Zambia and Sri Lanka.
“Salaries or default? Take your pick,” the chief economic adviser to Kenyan president William Ruto told civil service employees angry about their delayed paychecks last month.
Fortune noted that other foreign lenders have been extremely reluctant to step in with rescue plans for nations tainted with Chinese debt, because China’s loans are notoriously opaque, and Chinese banks refuse to join multinational talks over debt restructuring in developing nations. It is therefore difficult for other lenders to judge whether China has “devised a way of muscling to the front of the repayment line.”