During the annual leaders summit held at the African Union (AU) Headquarters this year, employees of the international organization discovered that a breach had allowed hackers to steal footage from their security cameras.
The AU technology team were tipped off by Japanese Cyber researchers leading to the discovery that a group of suspected Chinese hackers had infiltrated servers at the basement of an administrative annex and were siphoning surveillance videos from the AU quarters in Addis Ababa, Ethiopia.
“We cannot estimate the quantity and value of the data which have been stolen,” the memo said, adding that while AU technicians had managed to interrupt the flow of data, the hackers could easily regain the upper hand.
“We are still weak to prevent another attack.” the memo said.
Japan’s Computer Emergency Response Team (CERT) tipped off the AU officials through an email in January 17 after they discovered unusual traffic between the international organization’s network and a domain associated with Bronze president.
Koichiro Komiyama, who directs the global coordination division of Japan’s CERT is the one who sent out the warning after his colleague discovered the malicious traffic while going through the hacking group’s old infrastructure.
Once they had received the email, AU’s technology team were able to trace the suspicious traffic to servers at the organization’s Building C, which is part of the older AU complex located across the road from the new conference centre.
According to the memo, the hackers were able to siphon “huge volumes of traffic” from the servers hidden within the regular flow of data that leaves the AU network during business hours. In fact, to avoid raising any suspicions, the hackers even paused their data theft during lunch hour.
The memo was drafted in early January and sent out to officials. The incident demonstrated just how far world powers are willing to go to gain some influence and visibility at Africa’s most distinguished organization.
Secureworks, an arm of Dell technologies, has been tracking Bronze President since 2018 and confirmed that the malicious domain discovered by CERT was indeed linked to the hackers.
Secureworks revealed that there was strong evidence that the Hacking Group had its roots in China with a number of espionage attempts detected targeting China’s neighbours such as Mongolia and India.
It is interesting to note that officials from Europe and the US have already raised concerns as Beijing stepped up to meet the AU’s needs. This has contributed to Africa shifting its focus to China making it the top continent’s creditor.
The AU showpiece new conference was built by Chinese contractors in 2012 and to date, Chinese technicians are helping to maintain its digital infrastructure.
Through an email, the Chinese Mission to the AU said that “the AU side has not mentioned being hacked on any occasion” and that “Africa and China are good friends, partners and brothers.”
“We never interfere in Africa’s internal affairs and wouldn’t do anything that harms the interests of the African side,” the email said.
The former AU official who spoke to Reuters said it was highly unlikely that there would be any official protest regarding the matter. He said China had offered critical services that ensured the smooth running of the AU’s operations.
He cited one particular incident where a power outage at the AU resulted in a Network issue which the Chinese technicians move swiftly to resolve.
This is not the first time Beijing’s involvement is coming into focus. In 2018, French Newspaper Le Monde reported that AU employees had discovered that the servers at the new conference centre were sending copies of their contents to Shanghai every night. They also discovered that the entire building was bugged with listening devices.
The AU and the Chinese government both denied the allegations at the time. However, Reuters reports that a former AU official corroborated the French Newspaper’s article, saying that AU officials had been put on high alert over cyber-espionage.
The former official said that just like the 2018 incident regarding listening devices, this too would be swept under the carpet.
“Attacking the Chinese, for us, it’s a very bad idea,” he said.” he said.