Africa Business Communities
Chinese, Russian Partnerships in South Africa Should Extend to the Cyber Realm, says Trellix

While informal collectives of ‘friendly’ nations, like the BRICS group, have met several times over the years to discuss ways of cooperating on the global stage, these friendships often have their limits. This is evident where, whether by intention or omission, the governments of China and Russia have taken little action to protect South Africa from the less visible but critical threats of cybercrime and political disinformation.

For example, in the last six months, Trellix, through its extended detection and response (XDR) framework that combines artificial intelligence, machine learning, and automation, identified that most threat actors conducting cybercrime campaigns in South Africa appear to reside in China or Russia, where both governments seemingly turn a blind eye to operators within their own jurisdictions as long as they don’t focus their attacks on victims within their own borders. These threat actors included Mustang Panda and APT10 in China, and APT28 and APT29 in Russia.

Russia took this reluctance to prosecute external cybercrime further in its 2021 proposal for the United Nations Treaty on Cybercrime. Its Article 33 on the ‘collection of information transmitted by means of ICT’ refers to the interception of content and other data but is not precise enough to limit interception to serious crimes.

In its quest for cyber sovereignty, China’s 2017 ‘International Strategy of Cooperation on Cyberspace’ stresses that ‘countries should respect each other’s right to choose their own path of cyber development, model of cyber regulation and internet public policies, and participate in international cyberspace governance on an equal footing’.

However, the United States Cybersecurity and Infrastructure Security Agency believes that the Chinese government engages in malicious cyber activities to pursue national interests. Malicious cyber activities attributed to the Chinese government targeted and continue to target various industries, including healthcare, financial services, defence, energy, government facilities, critical manufacturing, communications, education, and other organisations.

It's not just in the cybercrime realm that malicious digital activity has been traced to Russia. The Africa Centre for Strategic Studies revealed the country’s model of disinformation to gain political influence in Africa, including the #IStandWithPutin and #IStandWithRussia campaigns in early 2022, seen in South Africa, Ghana, and Nigeria.

Meanwhile, sizeable investments into South Africa’s critical infrastructure were being made by both China and Russia during this same period – raising some red flags about their potential access to our country’s vital systems.

“There are so many positive outcomes and benefits that have been seen through South Africa’s alliance to BRICS countries such as Russia and China,” says Carlo Bolzonello, country lead for Trellix in South Africa. “In time, we hope to see mutual support in the fight against cybercrime and disinformation become part of the close relationships with these nations that we’ve forged.”

“Friends must act as friends, and China and Russia could go far to avoid the label of ‘frenemy’ by helping us protect ourselves from political interference and cybercrime,” says Carlo Bolzonello, country lead for Trellix in South Africa. “The Chinese and Russian governments and corporate entities should extend the cooperation they have exhibited in extensive physical and digital infrastructure projects to support Cape Town’s efforts to confront the cybercrime and political disinformation striking South Africa from within their borders.”

“The impact of this malicious activity extends from national political implications to the havoc that cybercriminals can wreak on businesses and state organisations – even having real potential to topple economies, whether it’s through ransomware that could cripple an organisation operationally and financially, or through industrial espionage that could give a foreign business a competitive advantage in bidding for a state contract,” he explains.

Against this backdrop, any organisation operating in South Africa must take every measure possible to invest in platforms and tools that offer a holistic cybersecurity ecosystem, one that consolidates all security products into an interconnected, constantly communicating platform that always learns and adapts to new threats.

“Organisations operating on this geopolitical landscape must make themselves more aware of the immense cybersecurity risks and threat campaigns confronting them,” Bolzonello continues. “They must also insist on compliance with POPIA and GDPR and require any entities with which they interact in an operational capacity subscribe to a similar or better approach to cybersecurity.”

www.trellix.com

 

  
