Close Menu
TechCentralTechCentral

    Subscribe to the newsletter

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Facebook X (Twitter) YouTube LinkedIn
    WhatsApp Facebook X (Twitter) LinkedIn YouTube
    TechCentralTechCentral
    • News
      The lone ship guarding Africa's internet - Léon Thévenin

      The lone ship guarding Africa’s internet

      14 July 2026
      The Popia problem with agentic AI

      The Popia problem with agentic AI

      14 July 2026
      Djima Antaley delivers a package for Afrety in Dakar, Senegal. Ricci Shryock/Reuters

      The middlemen powering Africa’s online shopping boom

      14 July 2026
      Purple Group buys AI fintech Telescope in R177-million deal

      Purple Group buys AI fintech Telescope in R177-million deal

      14 July 2026
      Openserve launches its own ISP, rattling wholesale partners

      Openserve launches its own ISP, rattling wholesale partners

      13 July 2026
    • World
      Swingeing jobs cuts at Microsoft's Xbox unit

      Swingeing jobs cuts at Microsoft’s Xbox unit

      6 July 2026

      SK Hynix ends Samsung’s 26-year reign at the top

      22 June 2026
      Google on the hook for what its AI tells users, court rules

      Google on the hook for what its AI tells users, court rules

      15 June 2026
      How Russians juggle VPNs to outwit the Kremlin

      How Russians juggle VPNs to outwit the Kremlin

      15 June 2026
      Amazon CEO flagged Anthropic AI risks to Washington - Andy Jassy

      Amazon CEO flagged Anthropic AI risks to Washington

      14 June 2026
    • In-depth
      AI boom sparks rally, frenzy and fear

      AI boom sparks rally, frenzy and fear

      11 June 2026
      Every plug-in hybrid on sale in South Africa, ranked by price - Lamborghini Temerario

      Every plug-in hybrid on sale in South Africa, ranked by price

      7 June 2026
      What Wi-Fi 8 will mean for wireless networks

      What Wi-Fi 8 will mean for wireless networks

      1 June 2026
      Alfa's electric rebel - Alfa Romeo Junior Elettrica Veloce

      Alfa’s electric rebel

      29 April 2026
      Africa switches on as Europe dims the lights

      Africa switches on as Europe dims the lights

      9 April 2026
    • TCS
      Watts & Wheels S1E7: 'Ferrari's EV breaks the internet'

      Watts & Wheels S1E7: ‘Ferrari’s EV breaks the internet’

      8 July 2026
      TCS+ | How Tracker is turning vehicle data into business strategy - Silvia Schollenberger

      TCS+ | How Tracker is turning vehicle data into business strategy

      1 July 2026
      TCS+ | IBM Bob: an AI-powered 'development partner' for the enterprise - David Spurway

      TCS+ | IBM Bob: an AI-powered development partner for the enterprise

      30 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E6: ‘A flawless Alfa and a bakkie that divides’

      17 June 2026
      Watts & Wheels S1E6: 'A flawless Alfa and a bakkie that divides'

      Watts & Wheels S1E5: ‘A Bentley of the bush and a car that swims’

      8 June 2026
    • Opinion
      The author, Fanie van Rooyen

      South Africa can still catch the AI wave – here’s how

      7 July 2026
      The author, Fanie van Rooyen

      The AI utopia South Africa can’t afford

      1 July 2026
      The author, Jannie van Zyl

      South Africa’s broadband future is being decided in orbit, not in Pretoria

      30 June 2026
      The author, Pambos Soteriades

      The pivot South Africa’s MVNOs cannot afford to miss

      23 June 2026
      Brazil's online gambling crackdown is a lesson for South Africa

      Brazil’s online gambling crackdown is a lesson for South Africa

      22 June 2026
    • Company Hubs
      • 1Stream
      • Africa Data Centres
      • AfriGIS
      • Altron Digital Business
      • Altron Document Solutions
      • Altron Group
      • Arctic Wolf
      • Ascent Technology
      • AvertITD
      • BBD
      • Braintree
      • CallMiner
      • CambriLearn
      • CM Telecom
      • Contactable
      • CYBER1 Solutions
      • Digicloud Africa
      • Digimune
      • Domains.co.za
      • ESET
      • Euphoria Telecom
      • HOSTAFRICA
      • Incredible Business
      • iONLINE
      • IQbusiness
      • Iris Network Systems
      • Kaspersky
      • LSD Open
      • Mitel
      • NEC XON
      • Netstar
      • Network Platforms
      • Next DLP
      • Ovations
      • Paracon
      • Paratus
      • Q-KON
      • SevenC
      • SkyWire
      • Solid8 Technologies
      • Telit Cinterion
      • Telviva
      • Tenable
      • Vertiv
      • Videri Digital
      • Vodacom Business
      • Wipro
      • Workday
      • XLink
    • Sections
      • AI and machine learning
      • Banking
      • Broadcasting and Media
      • Cloud services
      • Contact centres and CX
      • Cryptocurrencies
      • Education and skills
      • Electronics and hardware
      • Energy and sustainability
      • Enterprise software
      • Financial services
      • HealthTech
      • Information security
      • Internet and connectivity
      • Internet of Things
      • Investment
      • IT services
      • Lifestyle
      • Policy and regulation
      • Public sector
      • Retail and e-commerce
      • Satellite communications
      • Science
      • SMEs and start-ups
      • Social media
      • Talent and leadership
      • Telecoms
      • Watts & Wheels
    • Events
    • Advertise
    TechCentralTechCentral
    Home » Sections » Information security » Chinese hackers ‘attacked’ Kenyan government for years

    Chinese hackers ‘attacked’ Kenyan government for years

    Chinese hackers targeted Kenya's government in a widespread, years-long series of digital intrusions against key ministries and state institutions.
    By Agency Staff24 May 2023
    Twitter LinkedIn Facebook WhatsApp Email Telegram Copy Link
    News Alerts
    WhatsApp

    Chinese hackers targeted Kenya’s government in a widespread, years-long series of digital intrusions against key ministries and state institutions, according to three sources, cybersecurity research reports and analysis of technical data related to the hackings.

    Two of the sources assessed the hacks to be aimed, at least in part, at gaining information on debt owed to Beijing by the East African nation: Kenya is a strategic link in the Belt and Road Initiative — President Xi Jinping’s plan for a global infrastructure network.

    “Further compromises may occur as the requirement for understanding upcoming repayment strategies becomes needed,” a July 2021 research report written by a defence contractor for private clients stated.

    China attaches great importance to Africa’s debt issue and works intensively to help Africa cope with it

    China’s foreign ministry said it was “not aware” of any such hacking, while China’s embassy in Britain called the accusations “baseless”, adding that Beijing opposes and combats “cyberattacks and theft in all their forms”.

    China’s influence in Africa has grown rapidly over the past two decades. But, like several African nations, Kenya’s finances are being strained by the growing cost of servicing external debt — much of it owed to China.

    The hacking campaign demonstrates China’s willingness to leverage its espionage capabilities to monitor and protect economic and strategic interests abroad, two of the sources said.

    The hacks constitute a three-year campaign that targeted eight of Kenya’s ministries and government departments, including the presidential office, according to an intelligence analyst in the region. The analyst also shared research documents that included the timeline of attacks and the targets, and provided some technical data relating to the compromise of a server used exclusively by Kenya’s main spy agency.

    ‘Not unique’

    A Kenyan cybersecurity expert described similar hacking activity against the foreign and finance ministries. All three of the sources asked not to be named due to the sensitive nature of their work.

    “Your allegation of hacking attempts by Chinese government entities is not unique,” Kenya’s presidential office said, adding the government had been targeted by “frequent infiltration attempts” from Chinese, American and European hackers. “As far as we are concerned, none of the attempts was successful,” it said. It did not provide further details nor respond to follow-up questions.

    A spokesman for the Chinese embassy in Britain said China is against “irresponsible moves that use topics like cybersecurity to sow discord in the relations between China and other developing countries”.

    “China attaches great importance to Africa’s debt issue and works intensively to help Africa cope with it,” the spokesman added.

    Between 2000 and 2020, China committed nearly US$160-billion in loans to African countries, according to a comprehensive database on Chinese lending hosted by Boston University, much of it for large-scale infrastructure projects.

    Kenya used over $9-billion in Chinese loans to fund an aggressive push to build or upgrade railways, ports and highways.

    Beijing became the country’s largest bilateral creditor and gained a firm foothold in the most important East African consumer market and a vital logistical hub on Africa’s Indian Ocean coast.

    By late 2019, however, when the Kenyan cybersecurity expert said he was brought in by Kenyan authorities to assess a hack of a government-wide network, Chinese lending was drying up. And Kenya’s financial strains were showing.

    The breach reviewed by the Kenyan cybersecurity expert and attributed to China began with a “spearphishing” attack at the end of that same year, when a Kenyan government employee unknowingly downloaded an infected document, allowing hackers to infiltrate the network and access other agencies.

    “A lot of documents from the ministry of foreign affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation,” the Kenyan cybersecurity expert said.

    Another source — the intelligence analyst working in the region — said Chinese hackers carried out a far-reaching campaign against Kenya that began in late 2019 and continued until at least 2022.

    The NIS breach was possibly aimed at gleaning information on how Kenya planned to manage its debt payments

    According to documents provided by the analyst, Chinese cyber spies subjected the office of Kenya’s president, its defence, information, health, land and interior ministries, its counter-terrorism centre and other institutions to persistent and prolonged hacking activity.

    The affected government departments did not respond to requests for comment, declined to be interviewed or were unreachable.

    By 2021, global economic fallout from the Covid-19 pandemic had already helped push one major Chinese borrower — Zambia — to default on its external debt. Kenya managed to secure a temporary debt repayment moratorium from China.

    In early July 2021, the cybersecurity research reports shared by the intelligence analyst in the region detailed how the hackers secretly accessed an e-mail server used by Kenya’s National Intelligence Service (NIS).

    Reuters was able to confirm that the victim’s IP address belonged to the NIS. The incident was also covered in a report from the private defence contractor reviewed by Reuters.

    Reuters could not determine what information was taken during the hacks or conclusively establish the motive for the attacks. But the defence contractor’s report said the NIS breach was possibly aimed at gleaning information on how Kenya planned to manage its debt payments.

    “Kenya is currently feeling the pressure of these debt burdens … as many of the projects financed by Chinese loans are not generating enough income to pay for themselves yet,” the report stated.

    A review of internet logs delineating the Chinese digital espionage activity showed that a server controlled by the Chinese hackers also accessed a shared Kenyan government webmail service more recently from December 2022 until February this year.

    China is a main victim of cyber theft and attacks and a staunch defender of cybersecurity

    Chinese officials declined to comment on this recent breach, and the Kenyan authorities did not respond to a question about it.

    The defence contractor, pointing to identical tools and techniques used in other hacking campaigns, identified a Chinese state-linked hacking team as having carried out the attack on Kenya’s intelligence agency.

    The group is known as “BackdoorDiplomacy” in the cybersecurity research community, because of its record of trying to further the objectives of Chinese diplomatic strategy.

    According to Slovakia-based cybersecurity firm ESET, BackdoorDiplomacy re-uses malicious software against its victims to gain access to their networks, making it possible to track their activities.

    Provided with the IP address of the NIS hackers, Palo Alto Networks, a US cybersecurity firm that tracks BackdoorDiplomacy’s activities, confirmed that it belongs to the group, adding that its prior analysis shows the group is sponsored by the Chinese state.

    Less common

    Cybersecurity researchers have documented BackdoorDiplomacy hacks targeting governments and institutions in a number of countries in Asia and Europe. Incursions into the Middle East and Africa appear less common, making the focus and scale of its hacking activities in Kenya particularly noteworthy, the defence contractor’s report said. “This angle is clearly a priority for the group.”

    China’s embassy in Britain rejected any involvement in the Kenya hackings, and did not directly address questions about the government’s relationship with BackdoorDiplomacy.

    “China is a main victim of cyber theft and attacks and a staunch defender of cybersecurity,” a spokesman said.  — Aaron Ross, James Pearson and Christopher Bing, with Eduardo Baptista, (c) 2023 Reuters

    Get TechCentral’s daily newsletter

    Follow TechCentral on Google News Add TechCentral as your preferred source on Google


    WhatsApp YouTube
    Share. Facebook Twitter LinkedIn WhatsApp Telegram Email Copy Link
    Previous ArticleTheft, vandalism disrupt rail line between Durban, Joburg
    Next Article South African inflation slows more than expected

    Related Posts

    The lone ship guarding Africa's internet - Léon Thévenin

    The lone ship guarding Africa’s internet

    14 July 2026
    The Popia problem with agentic AI

    The Popia problem with agentic AI

    14 July 2026
    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Company News
    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Rain supercharges 5G with Huawei

    Rain supercharges 5G with Huawei

    10 July 2026
    Africa's data centres: AI, edge computing and new energy demands - Vertiv OADC Open Access Data Centres

    Africa’s data centres: AI, edge computing and new energy demands

    9 July 2026
    Opinion
    The author, Fanie van Rooyen

    South Africa can still catch the AI wave – here’s how

    7 July 2026
    The author, Fanie van Rooyen

    The AI utopia South Africa can’t afford

    1 July 2026
    The author, Jannie van Zyl

    South Africa’s broadband future is being decided in orbit, not in Pretoria

    30 June 2026

    Subscribe to Updates

    Get the best South African technology news and analysis delivered to your e-mail inbox every morning.

    Latest Posts
    The lone ship guarding Africa's internet - Léon Thévenin

    The lone ship guarding Africa’s internet

    14 July 2026
    The Popia problem with agentic AI

    The Popia problem with agentic AI

    14 July 2026
    How Paratus and Eutelsat are connecting Southern Africa's mines

    How Paratus and Eutelsat are connecting Southern Africa’s mines

    14 July 2026
    Djima Antaley delivers a package for Afrety in Dakar, Senegal. Ricci Shryock/Reuters

    The middlemen powering Africa’s online shopping boom

    14 July 2026
    © 2009 - 2026 NewsCentral Media
    Built and maintained by Chronon
    • Cookie policy (ZA)
    • TechCentral – privacy and Popia

    Type above and press Enter to search. Press Esc to cancel.

    Manage consent

    TechCentral uses cookies to enhance its offerings. Consenting to these technologies allows us to serve you better. Not consenting or withdrawing consent may adversely affect certain features and functions of the website.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}