The Cyberwar Between the East and the West Goes Through Africa

Nation-state hackers are a potent weapon in the hands of countries. The days a war starts by someone pulling a trigger are gone: It has been replaced by the Enter key.

To gain the best possible insights into global threat landscapes, who is attacking who, why they're attacking, and how the West and Africa can mobilize to tackle nation-backed cyber threats, it's crucial to understand the geopolitical dynamics of cyber warfare. Only by gaining a thorough context of the situation can governments, businesses, and cybersecurity providers effectively reduce nation-backed cyberattacks.

The Role of Africa in Global Cyber Warfare

Africa, and South Africa in particular, forms a delicate bridge between the East and the West. On one hand, Africa has economically benefited from the East; Eastern mining, infrastructure, and private-sector companies all have roots in the continent. At the same time, Africa increasingly seeks trade deals with the West.

Careful balancing of economic ties with Eastern and Western nations has enabled Africa to accelerate its export trade in the last decade, with the continent's average GDP growth expected to rise from 3.8% in 2022 to 4.1% in 2023–2024.

However, as large Western organizations conduct business with African nations, they become vulnerable to the threat of cyberattacks coordinated across the continent. Many of these attacks are perpetrated by attackers based in or backed by the BRICS nations (Brazil, Russia, India, China, and South Africa).

Cyberattacks have proliferated over the last decade, particularly in Africa. In Kenya and Nigeria, Kaspersky reports a large increase in financial and banking Trojans in the second quarter of 2021 compared with the first quarter of 2021: a 59% increase in Kenya, and a 32% increase in Nigeria.

A 10-year review of the cyber-threat landscape in South Africa finds that the most prevalent perpetrators of cybercrime were trained hackers, and the most common motivation was criminal.

Countries spanning the continent are targeted on a mass scale, often using the same threat methodologies. At Performanta, we've seen attack methodologies repeated by actors across various countries: we discovered a Lazarus Group cyberattack network operating in Zambia and tracked the same attack tools and methodologies to activity in Uganda.

We've also seen APT40, also known as Kryptonite Panda, an advanced persistent threat (APT) located in Haikou, Hainan Province, People's Republic of China, target government organizations, companies, and universities in a wide range of industries via Africa and across the United States, Canada, Europe, and the Middle East. APT40 counterparties, China-based Phantom Panda and Wet Panda, have similarly targeted these regions over telecommunications networks.

Why are Eastern APT groups attacking via Africa? There are a few motivations: Attackers may perceive attacking Africa to have fewer risks; they're aiming to access Western assets via Africa; or they are testing attack methodologies on Africa to later use in the West on home soil. The big picture is dangerously murky, but all these reasons enter into the equation.

Where Does the West Come in?

The West and Africa are intrinsically linked as they both fall afoul of the East and BRICS attacks. To counter this, both must implement long-term collaborative efforts to turn the cyberwars in their favor. Any short-term partnership fails to consider the aggressively innovating threat landscape, where insights are outdated almost as soon as they are collected.

Working cooperatively, the West and Africa can share knowledge of APT threats, attack success rates, emerging methodologies, and the strategies deployed by specific nations, sponsored groups, or ransomware-as-a-service (RaaS) brokers. Managed security service providers possess deep knowledge of regional threat landscapes in Africa, and this could prove pivotal in deciphering the severity of threat data and data loss, allowing more efficient threat categorization.

With this information, the right combat tools can be put into place and attacks can be thwarted more successfully. Both parties can gain visibility into new threat-prevention methods, big data sets, and powerful cybersecurity tools that can help them fight the threat of BRICS-backed actors on all fronts.

In the pursuit of global cyber safety, immediate, direct cooperation is the only way that Africa's unique placement as a bridge between East and West can transform from a vulnerability to an advantage.