“Through analysis of infrastructure tied to this actor, we assess multiple African countries are experiencing targeting over the last few years, including at least South Africa, Kenya, Senegal, and Ethiopia,” the firm wrote. “Our current perspective suggests a close relationship between BackdoorDiplomacy and another Chinese state-sponsored threat actor, APT15.”
Threat actor ambiguity reflects interest in African Union intelligence
The third China-aligned activity highlighted by SentinelOne centers on a broader set of campaigns that demonstrate threat actor ambiguity, emphasized by recent reports on FamousSparrow and Earth Estries. “Pinpointing precise clustering for these groups remains challenging due to a prevalence of shared technical resources,” SentinelOne said, but TTPs and targeting objectives are somewhat related to the APT41 umbrella, it claimed.
Separate Chinese espionage efforts against the African Union (AU) were allegedly discovered in 2017, while more recently, AU IT staff were notified of an intrusion attributed to the Bronze President APT, a Chinese threat actor. Bronze President was observed exfiltrating surveillance footage from the AU headquarters facility, highlighting how much of a priority intelligence from inside the AU is to Beijing, SentinelOne said.
Africa’s cybersecurity lagging behind continent’s digital, economic advancement
Africa is a region experiencing rapid digital, technological, and economic development, increasing its combined GDP more than five-fold over the past 20 years. However, this development has outpaced that of cybersecurity resources, capabilities, laws, and regulations, with increasing cyberattacks in the region threatening businesses, critical infrastructure, and government. The lack of effective international cooperation and information exchange between African countries is hindering the fight against cybercrime, while the region's low level of preparedness to counter cyberthreats costs the concerned countries on average 10% of their GDP, according to Positive Technologies. Cybercriminals actively buy and sell access to the networks of major African organizations such as government and financial institutions, trade enterprises, and IT companies, the firm added. Financial difficulties are pushing the younger generation to look for ways to earn money quickly, and the increasingly low entry threshold for engaging in cybercrime makes this a tempting prospect, it said.
Meanwhile, about 90% of African businesses operate without cybersecurity protocols, making them vulnerable to cyberthreats, according to a 2021 INTERPOL report.
ECOWAS announces plans to advance cybersecurity in West Africa
Last week, the Economic Community of West African States (ECOWAS) and its partners announced the Joint Platform for the Advancement of Cybersecurity in West Africa, part of the ECOWAS Action Plan to increase regional cybersecurity resilience and capacity. “Cybersecurity is not merely a technical issue; it is a matter of national security, economic stability, and safeguarding the privacy and rights of our people,” said Sediko Douka, commissioner in charge of infrastructure, energy, and digitization of the ECOWAS Commission. “It is important to act decisively to protect our critical infrastructure, secure our data, and ensure the trust and confidence of those who use digital services.”