A comprehensive report by the cybersecurity intelligence organization Recorded Future has revealed that Kenyan government agencies were among the victims of cyber espionage activities carried out by an alleged Chinese hacking group known as RedJuliett. The report documented a series of cyber attacks that occurred from November 2023 to April 2024, identifying over 24 government entities from various countries, including Kenya and Rwanda, that were compromised.
The scope of RedJuliett’s cyber attacks extended beyond government institutions to encompass sectors such as education, technology, and diplomacy. The group also launched cyber assaults on websites affiliated with religious groups in Hong Kong and South Korea. Additionally, academic institutions in the United States and Djibouti were not spared from these attacks.
The hacking group exploited a specific vulnerability in the SoftEther VPN software, which is commonly used by organizations for establishing secure remote connections to their internal networks. The attackers also employed SQL injection and directory traversal techniques to exploit weaknesses in web and SQL server applications.
Although Recorded Future observed the hacking attempts and the identification of network vulnerabilities, it remains uncertain whether RedJuliett successfully penetrated the targeted organizations’ systems.
This series of cyber attacks is not an isolated incident for Kenya with regard to Chinese hackers. In May 2023, Reuters reported that Chinese cyber attackers had targeted several Kenyan government departments, including the Ministry of Finance, the Office of the President, and the national intelligence agency. The aim was to gather intelligence on Kenya’s financial obligations to China.
Furthermore, in July 2023, a Sudanese hacker collective known as “Anonymous Sudan” reportedly infiltrated Kenya’s eCitizen platform, which includes services from the National Transport and Safety Authority (NTSA), by executing a distributed denial-of-service (DDoS) attack. This attack disrupted the platform’s operations and was purportedly a retaliatory action against Kenya’s alleged meddling in Sudanese internal affairs.
In light of the recent cyber attacks, Kenya is poised to receive assistance in bolstering its cybersecurity defenses, thanks to pledges from major technology corporations. In May 2024, industry leaders such as Google and Microsoft announced their intentions to make significant digital investments in Kenya. These investments are not limited to financial contributions but also include collaborative efforts to enhance the country’s cybersecurity infrastructure.
The commitments from these tech giants are expected to provide a substantial boost to Kenya’s capabilities in defending against cyber threats. The support will likely encompass a range of cybersecurity measures, from advanced threat detection to improved security protocols, and may also involve training for Kenyan personnel to better manage and respond to cyber incidents.
This international support comes at a crucial time as Kenya continues to navigate the challenges posed by sophisticated cyber adversaries. With the expertise and resources of Google and Microsoft, Kenya can look forward to strengthening its digital defenses and securing its critical information infrastructure against future cyber attacks.