Chinese companies are rapidly deploying technology to enable telecommunications, mobile payments, smart cities and underwater fiber networks across Africa — but some fear that the rollouts will enable surveillance of industry, government and the public as China gets a larger foothold in the continent’s operations.
To help thwart that outcome, SentinelOne is launching the Undermonitored Regions Working Group (URWG) to address what it calls “unique cybersecurity hurdles faced in these regions,” which are frequently sidelined in mainstream global cybersecurity discussions.
According to a white paper from the security firm detailing the concerns, there is “a considerable gap in the realm of cyber threat intelligence” regarding Africa, and a lack of clarity about China’s long-term agenda in investing in the region.
The result of that investment will thus be an “intricate web of geopolitics and cyber threats,” Tom Hegel, senior threat researcher at SentinelOne, said in the white paper.
A Soft Power Dominance
Highlighting what he called a “soft power diplomacy,” Hegel said that China is actively cultivating cultural ties and nurturing educational partnerships across Africa, and is building a wider technology dominance, having financed large critical infrastructure projects in many African countries. This stems from African countries seeking economic and infrastructure development, with China a keen investor over the last decade.
In particular, Hegel said in the white paper that Chinese companies Huawei and ZTE “have brought the boon of digital connectivity to the remotest corners of Africa,” and also cited investment in projects laying subsea cables to rejuvenate Africa’s digital connectivity. The cable work is being conducted by HMN Technologies, which previously had links to Huawei, and it could give China the capability to monitor data flowing through the cables and determine the flow of information between continents.
Also, the digital mobile banking platform M-Pesa has more than 50 million users processing more than $314 billion in transactions annually, and it recently has been migrated to Huawei’s Mobile Money Platform. And OPay and PalmPay, which are both backed by Chinese investors, have moved into this market, too.
Huawei technology is also being used in smart-city initiatives, with facial recognition, artificial intelligence, data analytics, and 5G networks being deployed to enhance urban management, augment public safety, and spur economic development.
Despite the potential economic upside for the region that greater technology investment brings, Hegel said the rollout of these technologies is “creating a scenario where a foreign power has an overwhelming influence over the financial stability, habits, and preferences of a significant portion of the African populace.”
For instance, Hegel said in the white paper that the Huawei-driven smart cities, since they will operate fundamentally on Chinese technology, could give Beijing real-time insights into population movements and more.
An Industry Response To China Concerns
URWG has a mission to expand industry knowledge of cyber threats in less-monitored regions of the world, especially Africa, primarily by working with local experts to understand the challenges and provide resources. Also, the group will track state-sponsored threats and harness collective expertise to identify new threats and devise effective countermeasures against them.
“My ambition is to make this a thriving and trusted resource for this type of research, imposing cost on these adversaries, and enable new methods of threat tracking,” Hegel tells Dark Reading.
He says this will be a completely voluntary effort for established security researchers, local experts, and others who can provide value to the work, and is an effort to “collaborate and provide intelligence to those defending, and overall improve our understanding of threat activity in these regions.”
Evidence of a Chinese Threat?
Earlier this year, SentinelOne revealed details of Operation Tainted Love, a series of targeted attacks involving reconnaissance, credential theft, lateral movement, and data exfiltration against telecommunication, financial, and government entities in Southeast Asia, Europe, Africa, and the Middle East. It claimed the initial attack phases were conducted by Chinese threat actors with cyber-espionage motivations.
Another China-linked APT group, named BackdoorDiplomacy, had operated across Africa in a three-year endeavor targeting governmental organizations in Kenya with tactics similar to those deployed in Operation Tainted Love.
Hegel said in the white paper that BackdoorDiplomacy also concentrates its efforts on government entities, along with high-priority telecommunications and finance organizations, and had conducted campaigns across Africa, particularly in South Africa, Kenya, Senegal, and Ethiopia.
SentinelOne isn’t the only entity concerned about an expanding Chinese technological footprint. For example, one report claimed that the Chinese government maintained backdoor access into servers for the African Union’s headquarters in Ethiopia between 2012 and 2017.
Hegel said in the white paper that these targeted intrusions against key industrial sectors had been tracked in various African nations, and align with China’s broader soft power and technological agenda in the region.
“Based on our limited perspective into some of these intrusions, there does appear to be targeting in line with soft power agendas,” he tells Dark Reading. “This includes strategic telecommunication competition to China in Africa, and financial organizations relevant to investments made by China.”