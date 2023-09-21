Targeted cyber intrusions against key industrial sectors in various African nations conspicuously align with China’s broader soft power and technological agenda in the region, encompassing critical areas such as the telecommunications sector, financial institutions, and governmental bodies. That’s according to a new report from SentinelOne, which has observed sustained tasking toward strategic intrusions by Chinese threat actors in Africa designed to extend influence throughout the continent.

“As we have navigated through the complexities of Chinese influence in Africa, the role of offensive cyber actions, and the broader implications of tech dominance, it becomes evident that this intricate web of geopolitics and cyber threats demands attention across the cybersecurity industry,” Tom Hegel, cybersecurity researcher at SentinelOne, wrote in a blog post.

Three significant sets of cyber activity best exemplify the larger body of China-aligned activity in Africa, according to SentinelOne.

Operation Tainted Love aligns with Chinese telecommunication interests

First is Operation Tainted Love, a case centered on targeted attacks against telecommunications providers predominantly located in the Greater Middle East region. “This discovery marked an evolution of the toolkit involved in Operation Soft Cell, forging immediate connections to previous China-attributed activities,” SentinelOne claimed. Operation Tainted Love involves the use of a rigorously maintained and version-controlled credential-theft toolset and a novel dropper mechanism, indicating a concerted effort by one or more threat actors driven by specific objectives, the firm added.

“Unnoted in our initial report, we identified the compromise of a telecommunications entity based in North Africa by the same threat actor,” SentinelOne said. 
“The timing of this activity aligned closely with Chinese telecommunication soft power interests in Africa, as the organization was in private negotiations for further regional expansion in areas.” Such intrusions point to Chinese interest in internal business knowledge of the negotiations, which provides a competitive advantage, or in prepositioning to retain technical access for intelligence collection, it added.

APT group BackdoorDiplomacy targets governmental organizations

The second notable activity cited by SentinelOne relates to the APT group BackdoorDiplomacy, which has operated across Africa for several years. More recently, fresh reporting spotlighted the group’s sustained three-year campaign against governmental organizations in Kenya, according to the company.

“Through analysis of infrastructure tied to this actor, we assess multiple African countries are experiencing targeting over the last few years, including at least South Africa, Kenya, Senegal, and Ethiopia,” the firm wrote. “Our current perspective suggests a close relationship between BackdoorDiplomacy and another Chinese state sponsored threat actor, APT15.”

Threat actor ambiguity reflects interest in African Union intelligence

The third China-aligned activity highlighted by SentinelOne centers on a broader set of campaigns that demonstrate threat actor ambiguity, emphasized by recent reports on FamousSparrow and Earth Estries. “Pinpointing precise clustering for these groups remains challenging due to a prevalence of shared technical resources,” SentinelOne said, but their TTPs and targeting objectives are loosely related to the APT41 umbrella, it claimed.

Separate Chinese espionage efforts against the African Union (AU) were allegedly discovered in 2017, while more recently, AU IT staff were notified of an intrusion attributed to the Bronze President APT, a Chinese threat actor. 
Bronze President was observed exfiltrating surveillance footage from the AU headquarters facility, highlighting how high a priority intelligence from inside the AU is for Beijing, SentinelOne said.

Africa’s cybersecurity lagging behind continent’s digital, economic advancement

Africa is a continent experiencing rapid digital, technological, and economic development, having increased its combined GDP more than five-fold over the past 20 years. However, cybersecurity resources, capabilities, laws, and regulations have not kept pace with that development, and increasing cyberattacks in the region threaten businesses, critical infrastructure, and government. The lack of effective international cooperation and information exchange between African countries is hindering the fight against cybercrime, while low preparedness to counter cyberthreats costs the affected countries on average 10% of their GDP, according to Positive Technologies. Cybercriminals actively buy and sell access to the networks of major African organizations such as government and financial institutions, trade enterprises, and IT companies. Financial difficulties push the younger generation to look for ways to earn money quickly, and the ever-lower entry threshold for engaging in cybercrime makes it a tempting prospect, the firm added.

Meanwhile, about 90% of African businesses operate without cybersecurity protocols, making them vulnerable to cyberthreats, according to a 2021 INTERPOL report.

ECOWAS announces plans to advance cybersecurity in West Africa

Last week, the Economic Community of West African States (ECOWAS) and its partners announced the Joint Platform for the Advancement of Cybersecurity in West Africa, part of the ECOWAS Action Plan to increase regional cybersecurity resilience and capacity. 
“Cybersecurity is not merely a technical issue; it is a matter of national security, economic stability, and safeguarding the privacy and rights of our people,” said Sediko Douka, commissioner in charge of infrastructure, energy, and digitization of the ECOWAS Commission. “It is important to act decisively to protect our critical infrastructure, secure our data, and ensure the trust and confidence of those who use digital services.”

The first concrete lines of work from the action plan, to be implemented with the support of the government of Germany, will focus on three key areas: developing and implementing regional confidence-building measures in the field of cybersecurity; strengthening regional cooperation and cyber capabilities at the regional level; and skills development together with regional cyber diplomacy mechanisms.