Truth, Inspiration, Hope.

CCP Hackers Compromised Kenyan Government In 2019 as Belt and Road Debts Soured

Kenya accepted $9.2 billion in 17 loans between 2008 and 2019 from the government of China, the Chinese Communist Party, under the Belt and Road Initiative. China is Kenya's largest creditor behind the World Bank.
Neil Campbell
Neil lives in Canada and writes about society and politics.
Published: May 27, 2023
The CCP hacked Kenya after BRI loans went sour
A file photo of officials for the government of China and the government of Kenya at a shipping depot during an event in Nairobi in 2017. Chinese Communist Party hackers compromised and targeted the Kenyan government between 2019 and 2022 after $9.2 billion worth of Belt and Road Initiative loans had soured, Reuters alleges based on information it obtained from anonymized sources. (Image: PATRICK MEINHARDT/AFP via Getty Images)

Hackers connected to the Chinese government, the Chinese Communist Party, compromised several critical systems in the African nation of Kenya in 2019 as pressures from debts incurred from loans under the Belt and Road Initiative increased.

The allegations were made by Reuters in a May 24 exclusive relying on anonymous insiders in the Kenya government, cybersecurity experts, and the outlet’s own analysis.

In July of 2021 after the world economy had been crippled by Coronavirus Disease 2019 (COVID-19) lockdown measures and travel bans, a research report Reuters viewed by an unnamed defense contractor stated in regards to Kenya’s systems, “Further compromises may occur as the requirement for understanding upcoming repayment strategies becomes needed.”


Reuters further stated that two of its unidentified sources “assessed the hacks to be aimed, at least in part, at gaining information on debt owed to Beijing.”

A pair of sources were similarly paraphrased in the following way: “The hacking campaign demonstrates China’s willingness to leverage its espionage capabilities to monitor and protect economic and strategic interests abroad.”

One document viewed for the report was quoted as stating, “Kenya is currently feeling the pressure of these debt burdens…as many of the projects financed by Chinese loans are not generating enough income to pay for themselves yet.”

Both the Foreign Ministry and the Chinese Embassy in Britain denied the allegations.

In a May 25 follow up article, Reuters noted that Raymond Omollo, Kenyan Principal Secretary for Internal Security and National Administration, bluntly said, “The article should be viewed as sponsored propaganda” in a statement.

Relying on “an intelligence analyst in the region,” Reuters said in the original article that the Communist Party’s hackers spent three years targeting eight different ministries and departments of the Kenyan government, including compromising a server used by “Kenya’s main spy agency.”

The Presidential Office told Reuters in a response for the May 24 article that hacking attempts against it were not unique to China, and that it has been targeted by American and European entities as well.

According to a tracker of overseas development finances by the Chinese government hosted by Boston University, Kenya accepted $9.2 billion USD in funding across 17 different loans between 2008 and 2019, mostly provided via The Export-Import Bank of China.

A May 25 article by Al Jazeera put the size into perspective, “As of January, Kenya’s external debt stood at $34bn. A sixth of this is owed to China, which remains Kenya’s biggest creditor after the World Bank.”

Reuters states that in 2019, Communist Party hackers gained access to the Kenyan Government’s servers after an employee was manipulated into opening a document that served as a trojan horse.

“A lot of documents from the ministry of foreign affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation,” one source told the outlet.

Another source stated the campaign continued until at least 2022.

Based on documents provided by the analysts, Reuters declared that “Chinese cyber spies subjected the office of Kenya’s president, its defence, information, health, land and interior ministries, its counter-terrorism centre and other institutions to persistent and prolonged hacking activity.”

By 2021, analysts had determined the Party had compromised an email server used by Kenya’s National Intelligence Service.

Named by name in the Reuters report is an Advanced Persistent Threat (APT) team, which cybersecurity firm ESET dubbed “BackdoorDiplomacy” in 2021 on the basis that the same group, which made itself trackable by reusing exploits, had been targeting multiple national entities across Africa and the Middle East since at least 2017.

U.S.-based Palo Alto Networks, another security firm, confirmed for Reuters that IP addresses sources gave to it for the article belonged to BackdoorDiplomacy, which Palo Alto tracks.

In 2018, the African Union Headquarters in Ethiopia had been hacked, delivering data extracted from the building’s internal network to mainland China every night between 2012 and 2017, the Council of Foreign Relations (CFR) stated in a 2018 article based on reporting by French publication La Monde.

The HQ is featured on an official Belt and Road website hosted by the CCP as it was built and paid for in 2012 by Chinese government entities as a “gift.”

CFR’s author wrote, “According to Le Monde, the African Union kept the Chinese surveillance secret for a year after discovering it, suggesting that African leaders believed such information, if public, could have explosive consequences for their relationship with China.” 

“Africa’s hesitation to disclose this incursion demonstrates just how much influence Chinese strategic ambitions have over choices African actors make,” they added.