By Jason Collins, Warrior Maven Contributor
SentinelOne, Inc., an American cybersecurity company, announced the formation of the Undermonitored Regions Working Group (URWG) with a focus on addressing the unique cybersecurity problems arising in historically undermonitored regions of Africa and Latin America. The formation of this working group comes as a response to state-sponsored cybersecurity threats emerging globally from nations such as China, Russia, and Egypt, with the greatest emphasis on China and its debt-trap diplomacy.
“Debt trap diplomacy” is a term used to describe a controversial aspect of the People’s Republic of China’s foreign policy and its soft power agenda across underdeveloped, third-world countries, such as vast regions of Africa and Latin America. The concept pertains to a situation in which China, as a creditor country, grants excessive credit to a borrower/debtor country that might become heavily dependent on Chinese loans for its infrastructure development needs.
In a less-than-hypothetical scenario in which a debtor country, such as South Africa, Kenya, Senegal, or Ethiopia, can’t meet its repayment terms, China can extract various economic or political concessions. Why does this matter? The threat intelligence industry has an unfortunate tendency to overlook regions that are not of immediate financial or security interest. And it is precisely in these regions that potential threat actors, such as China, Russia, and Egypt, might subtly shift the balance of negotiations in their favor.
When it comes to Africa specifically, China has financed massive critical infrastructure in numerous African countries. These countries, eagerly pursuing infrastructural and economic development, readily accepted generous Chinese investments, prioritizing their immediate benefits over potentially adverse effects that might occur in the future. In the context of cybersecurity, it’s important to note that China made significant investments in Africa’s telecommunication infrastructure over the past decade, with Chinese tech giants such as Huawei and ZTE providing all the ICT equipment.
During that time, cybersecurity researchers have become increasingly aware of Chinese cyberespionage targeting debtor countries in Africa. One such example is the African Union (AU) headquarters building in Ethiopia, which was funded and built by the Chinese government, with network technology and services reportedly provided by Huawei. In 2018, it was reported that the Chinese government maintained backdoor access to the AU’s servers, and in 2020, a separate group of Chinese-linked hackers was caught stealing CCTV footage from within the same building.
These are hardly isolated incidents. In 2023, there was a series of targeted attacks against a telecommunication entity from North Africa, and the timing of these attacks conspicuously aligned with Chinese soft power interest in Africa since the entity was in private talks for further expansion within the region. Data obtained from these intrusions can provide the Chinese government with internal knowledge of the negotiations, provide a competitive advantage, and allow any threat actor to strategically preposition for retained access for further intelligence collection.
Cyber threats are but one tool in China’s soft-power toolbox, but they grant the country vast influence over debtor countries, facilitated by the PRC’s debt-trap diplomacy. Africa’s dependency on Chinese telecommunications, including mobile networks, broadband infrastructure, and payment services, empowers China to shape the continent’s policies and narratives so that they align with the country’s geopolitical objectives. This not only infringes on personal and political freedoms but also raises significant concerns for data privacy and national sovereignty.
It is imperative for the cybersecurity community to deepen its understanding of China’s cyber activities in undermonitored regions as a prescription against unwanted encroachment. The newly formed Undermonitored Regions Working Group aims to collaborate on understanding various intrusions and delivering intelligence to victims and defenders, potentially disrupting cyber threats and fortifying the global ecosystem against sophisticated cyber threat actors. It is becoming increasingly clear that the story of Africa’s current digital landscape could be the precursor of future global narratives.