China’s offensive cyber operations support “soft power” agenda in Africa

Targeted cyber intrusions against key industrial sectors in various African nations conspicuously align with China’s broader soft power and technological agenda in the region, encompassing critical areas such as the telecommunication sector, financial institutions, and governmental bodies. That’s according to a new report from SentinelOne, which has observed sustained tasking toward strategic intrusions by Chinese threat actors in Africa designed to extend influence throughout the continent.

“As we have navigated through the complexities of Chinese influence in Africa, the role of offensive cyber actions, and the broader implications of tech dominance, it becomes evident that this intricate web of geopolitics and cyber threats demands attention across the cybersecurity industry,” Tom Hegel, cybersecurity researcher at SentinelOne, wrote in a blog post.

Three significant sets of cyber activity best exemplify the larger set of China-aligned activity in Africa, according to SentinelOne.

Operation Tainted Love aligns with Chinese telecommunication interests

First is Operation Tainted Love, a case centered on targeted attacks against telecommunications providers located predominantly in the Greater Middle East region. “This discovery marked an evolution of the toolkit involved in Operation Soft Cell, forging immediate connections to previous China-attributed activities,” SentinelOne claimed. Operation Tainted Love involves a rigorously maintained and version-controlled credential-theft toolset and a novel dropper mechanism, which the firm said indicates a concerted effort by one or more threat actors pursuing specific objectives.

“Unnoted in our initial report, we identified the compromise of a telecommunications entity based in North Africa by the same threat actor,” SentinelOne said. “The timing of this activity aligned closely with Chinese telecommunication soft power interests in Africa, as the organization was in private negotiations for further regional expansion in areas.” Such intrusions point to Chinese interest either in internal business knowledge about the negotiations, which would provide a competitive advantage, or in prepositioning to retain technical access for later intelligence collection, the firm added.

APT group BackdoorDiplomacy targets governmental organizations

The second notable activity cited by SentinelOne relates to the APT group BackdoorDiplomacy, which has operated across Africa for several years. More recently, reporting revealed a sustained three-year campaign by the group against governmental organizations in Kenya, according to the company.

“Through analysis of infrastructure tied to this actor, we assess multiple African countries are experiencing targeting over the last few years, including at least South Africa, Kenya, Senegal, and Ethiopia,” the firm wrote. “Our current perspective suggests a close relationship between BackdoorDiplomacy and another Chinese state sponsored threat actor, APT15.”

Threat actor ambiguity reflects interest in African Union intelligence

The third China-aligned activity highlighted by SentinelOne centers on a broader set of campaigns that demonstrate threat actor ambiguity, as emphasized by recent reports on FamousSparrow and Earth Estries. “Pinpointing precise clustering for these groups remains challenging due to a prevalence of shared technical resources,” SentinelOne said, although their TTPs and targeting objectives are loosely related to the APT41 umbrella, it added.

Separate Chinese espionage efforts against the African Union (AU) were allegedly discovered in 2017, while more recently, AU IT staff were notified of an intrusion attributed to the Bronze President APT, a Chinese threat actor. Bronze President was observed exfiltrating surveillance footage from the AU headquarters facility, highlighting how much of a priority intelligence from inside the AU is to Beijing, SentinelOne said.

Africa’s cybersecurity lagging behind continent’s digital, economic advancement

Africa is a region experiencing rapid digital, technological, and economic development, having increased its combined GDP more than five-fold over the past 20 years. However, this development has outpaced the growth of cybersecurity resources, capabilities, laws, and regulations, and increasing cyberattacks in the region threaten businesses, critical infrastructure, and government. The lack of effective international cooperation and information exchange between African countries is hindering the fight against cybercrime, while the region’s low level of preparedness to counter cyberthreats costs the affected countries on average 10% of their GDP, according to Positive Technologies. Cybercriminals actively buy and sell access to the networks of major African organizations such as government and financial institutions, trade enterprises, and IT companies. Financial difficulties are pushing the younger generation to look for ways to earn money quickly, and the increasingly low entry threshold for engaging in cybercrime makes it a tempting prospect, the firm added.

Meanwhile, about 90% of African businesses operate without cybersecurity protocols, making them vulnerable to cyberthreats, according to a 2021 INTERPOL report.

ECOWAS announces plans to advance cybersecurity in West Africa

Last week, the Economic Community of West African States (ECOWAS) and its partners announced the Joint Platform for the Advancement of Cybersecurity in West Africa, part of the ECOWAS Action Plan to increase regional cybersecurity resilience and capacity. “Cybersecurity is not merely a technical issue; it is a matter of national security, economic stability, and safeguarding the privacy and rights of our people,” said Sediko Douka, commissioner in charge of infrastructure, energy, and digitization of the ECOWAS Commission. “It is important to act decisively to protect our critical infrastructure, secure our data, and ensure the trust and confidence of those who use digital services.”

The first concrete lines of work from the action plan, to be implemented with the support of the government of Germany, will focus on three key areas: developing and implementing regional confidence-building measures in the field of cybersecurity; strengthening regional cooperation and cyber capabilities; and skills development together with regional cyber diplomacy mechanisms.
