China denies hacking Kenyan government, ministries, and departments

Mixin Network suspends operations following $200m hack, the largest in 2023 

China, through its embassy in Kenya, has debunked a claim that it funded a cyber-espionage campaign against critical ministries and government departments in the East African nation. Yesterday, Reuters released an exclusive report which revealed that Chinese hackers had infiltrated Kenya’s government systems from 2019 until late 2022.  

Calling it an attempt to “sow discord between Beijing and Nairobi”, an embassy spokesperson stated that

The said false report is groundless, far-fetched, and sheer nonsense. Hacking is a common threat to all countries and China is also a victim of cyber attack. China consistently and firmly opposes and combats cyber attacks and cyber theft in all forms. Tracing the source of cyber attacks is a complex technical issue.” 

Chinese Embassy

Reuters had claimed the cybercriminals got into the government’s network to gain insights into the country’s debt situation. Using a social engineering tactic called “spear phishing” the hackers who allegedly belong to Backdoor Policy – a globally feared cyber-espionage team – gained access into Kenya’s network.

For clarity, spear phishing is an email or electronic communication scam often aimed at stealing sensitive information from a target which could be an individual or business. 

In 2019, a Kenyan government worker was tricked into downloading a corrupted file, granting the cybercriminals access to critical documents from public offices including that of the President. The Kenyan cybersecurity expert who Reuters interviewed revealed “A lot of documents from the ministry of foreign affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation.” 

Kenya, like many African countries, enrolled in China’s ambitious infrastructure project called the “Belt and Road Initiative.” 151 countries have signed up for China’s Belt and Road Initiative, a figure that accounts for nearly 75% of the world’s population. According to a live database on Chinese loans to African nations, Kenya secured 43 loans worth over $9 billion. Meanwhile, Africa owes China $159.9 billion from 1,188 loans for various projects across the continent.

Despite Kenya’s efforts to shore up its infrastructure with new highways, clean power generation plants, and other projects, the nation’s economy has struggled in recent times. The projects embarked on with China’s loan are yet to begin paying for themselves. As such, servicing the loan is causing untold damage to Kenya’s economy. The East African country recently delayed the payment of public officeholders’ salaries

Although it has pushed for more taxes in its 2023 Finance Bill to widen its revenue stream, certain groups have faulted the move. Kenya isn’t the only country under pressure to repay Chinese loans as Zambia – who defaulted on payments in 2020 – currently battles with debt restructuring. 

The Chinese embassy spokesperson reiterated that both China and Kenya have shared a good relationship that spans 60 years. “Moreover, it is a highly sensitive political issue to pin the label of a cyber attack on a certain government without solid evidence. The relevant media should adopt a professional and responsible attitude and underscore the importance of having enough evidence when conducting reports, rather than make groundless assumptions and accusations,” they said. 

Read also: Nigeria sees 64% increase in data breaches, recording an outstanding 82,000 episodes in Q1 2023

China has made the news for alleged hacking before 

Although China has denied any involvement in a successful hacking attempt that targeted one of its debtors, some digging revealed that it has been accused of cybercrime before. In 2018, officials of the African Union said China had hacked the computer systems at its headquarters building which the Asian nation built for the union a few years ago.


African Union logo

Aside from financing the construction of a new building for the AU, China also paid for the computer servers found in the headquarters. Upon installing the systems, China reportedly installed a backdoor that allowed it to copy the AU’s day to servers based in Shanghai. When news of this incident got out, Kuang Weilin countered the claim and described the allegation as “absurd” and “preposterous”. 

Speaking to Voice of America, Joshua Meservey – a senior policy analyst – argued that China’s involvement in the AU building hack was unsurprising. “We know China operates this way all across the world, including in Africa. They have a particular interest in the AU headquarters,” he says. 

What this means for other African nations 

With Kenya’s hack comes great worry about the possibility of other African nations experiencing such events. As such, countries should ramp up their respective cybersecurity efforts and sensitize citizens – especially government employees – on information security best practices. No longer can Africa be lackadaisical towards cybersecurity. 

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!