Two of the sources assessed the hacks to be aimed, at least in part, at gaining information on debt owed to Beijing by the East African nation: Kenya is a strategic link in the Belt and Road Initiative - President Xi Jinping's plan for a global infrastructure network.
The hacks constitute a three-year effort targeting eight of Kenya's ministries and government departments, including the presidential office, according to an intelligence analyst in the region.
The analyst also shared with Reuters research documents that included the timeline of attacks, the targets, and provided some technical data relating to the compromise of a server used exclusively by Kenya's main spy agency.
A Kenyan cybersecurity expert described similar hacking activity against the foreign and finance ministries. All three of the sources asked not to be named due to the sensitive nature of their work.
The breach reviewed by the expert and attributed to China began with a "spearphishing" attack at the end of that same year, when a Kenyan government employee unknowingly downloaded an infected document, allowing hackers to infiltrate the network and access other agencies.
"A lot of documents from the ministry of foreign affairs were stolen and from the finance department as well. The attacks appeared focused on the debt situation," the cybersecurity pro said.
Another source - the intelligence analyst working in the region - said Chinese hackers carried out a far-reaching campaign against Kenya that began in late 2019 and continued until at least 2022.
Reuters could not determine what information was taken during the hacks or conclusively establish the motive for the attacks. But the defence contractor's report said the NIS breach was possibly aimed at gleaning information on how Kenya planned to manage its debt payments.
The hacking campaign demonstrates China's willingness to leverage its espionage capabilities to monitor and protect economic and strategic interests abroad, two of the sources said.
China's foreign ministry said it was "not aware" of any such hacking, while China's embassy in Britain called the accusations "baseless," adding that Beijing opposes and combats "cyberattacks and theft in all their forms."
"Further compromises [data hacks] may occur as the requirement for understanding upcoming repayment strategies becomes needed," a July 2021 research report written by a defense contractor for private clients stated.
China's influence in Africa has grown rapidly over the past two decades. But, like several African nations, Kenya's finances are being strained by the growing cost of servicing external debt - much of it owed to China.
Kenya used over $9 billion in Chinese loans to fund an aggressive push to build or upgrade railways, ports and highways.
Reuters could not determine what information was taken during the hacks or conclusively establish the motive for the attacks. But the defence contractor's report said the NIS breach was possibly aimed at gleaning information on how Kenya planned to manage its debt payments.
"Kenya is currently feeling the pressure of these debt burdens...as many of the projects financed by Chinese loans are not generating enough income to pay for themselves yet," the report stated.
Forum