'How China hacked NIS, the presidency'

"The hacks constitute a three-year campaign that targeted eight of Kenya's ministries and government departments, including the presidential office, according to an intelligence analyst in the region," states Reuters in the report.

The Chinese embassy in Nairobi has, however, disputed the report, saying it is the work of those who want to sour Nairobi-Beijing relations.

The embassy spokesperson rubbished the claims as nonsense, saying hacking is a threat to all countries.

"Tracing the source of cyber attacks is a complex technical issue," read a statement by the Chinese Embassy Spokesperson. "Moreover, it is a highly sensitive political issue to pin the label of cyber attack to a certain government without solid evidence."

"Whether the cooperation between China and Kenya is good or not, the people of the two countries have the most say," read the statement in part. "Any attempt to sow discord between China and Kenya is doomed to failure and will only disgrace itself."

The operation has been traced to a group known as "BackdoorDiplomacy", a Chinese state-linked hacking team that is believed to advance the objectives of Chinese diplomatic strategy.

"According to documents provided by the analyst, Chinese cyber spies subjected the office of Kenya's president, its defense, information, health, land and interior ministries, its counter-terrorism center and other institutions to persistent and prolonged hacking activity," states the Reuters news agency.

Other reports from cybersecurity experts, however, indicate that BackdoorDiplomacy, which is classified as an advanced persistent threat (APT) group, could have been active in Kenya as far back as 2017.

"An APT group that we are calling BackdoorDiplomacy, due to the main vertical of its victims, has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017," states one report from cybersecurity firm ESET.

"Victims have been discovered in the Ministries of Foreign Affairs of several African countries, as well as in Europe, the Middle East, and Asia," explains ESET. "Additional targets include telecommunication companies in Africa, and at least one Middle Eastern charity."

The attackers first gain access to the intended target by exploiting vulnerabilities in the server and use both legitimate tools and disguised malware to carry out reconnaissance, harvest data and move across the network undetected.

According to Reuters, the hack was triggered when a Kenyan government employee unknowingly downloaded an infected document, allowing hackers into the network and into other agencies.

The hacking operation appears to have ratcheted up on the back of Kenya's looming General Election last year when the international community was keenly watching the country's regime change.

According to data from the National Treasury, Kenya's external debt stood at Sh4.1 trillion as at June 2022, of which 30 per cent (Sh1.2 trillion) is owed to China.

In the run-up to last year's General Election, the issue of China's outstanding debt to Kenya and the economic hold the Asian giant has on the country came into sharp focus on several occasions.

"All Chinese nationals selling roasted maize, I will put them on a plane and deport them," President William Ruto told a gathering of businessmen during the Kenya Kwanza economic forum in June last year.

The President also vowed to make all big infrastructure contracts that the Jubilee administration signed with Beijing public.

Raila Odinga, on the other hand, aimed at the high stock of Kenya's debt to China, promising that he will re-negotiate the debt if elected into office.

"African governments must actually renegotiate favourable terms with the Chinese," he said during a speech at Chatham House in London last March.

"If you are uncomfortable with some of the terms then you renegotiate or find someone else who can be able to buy out the Chinese," he said.

Earlier this year, Cabinet Secretary to the Ministry of Trade and Industry Moses Kuria kicked up a storm when he ordered the closure of China Center, a low-cost sprawling mall on Thika Road that had become popular with Kenyans.

Kuria threatened to repossess the establishment owned by a Chinese national, stating that the move was a response to complaints from traders in Nairobi that Chinese traders are crowding them out of business.

A government official told Reuters that the reports of the hacking attempts were not new and that the country has been targeted frequently by Chinese, American and European hackers but that none of them have been successful.

The report further highlights glaring gaps that exist in the country's top spy agency, the National Intelligence Service (NIS), and the vulnerability of systems and processes in sensitive government departments.

According to one security expert based in Nairobi, there has been an increase in state-sponsored hacking and spying operations, and Kenya's regional and strategic position makes the country a prime target.

"Kenya is the economic hub of East Africa and we have numerous international agencies and multinational companies that have Nairobi as the regional headquarters," he explained.

"We are seeing more state-to-state hacking operations like the one mentioned in the report and this is in keeping with the trends we are seeing globally.