Major Disruption Across Ministries

NAIROBI—Dozens of Kenyan government websites, including those of State House and several key ministries, were rendered inaccessible on the morning of Monday, November 17, 2025, after a coordinated cyberattack. Visitors to the compromised sites were met with white supremacist and neo-Nazi slogans, such as “Access denied by PCP,” “We will rise again,” “White power worldwide,” and “14:88 Heil Hitler,” a numeric code associated with extremist ideology. The incident caused significant disruption, preventing citizens from accessing routine government information and services for several hours.

The attack impacted a wide array of government bodies. According to multiple media reports, affected ministries included Interior, Health, Education, Labour, Energy, Water, ICT, and Tourism. Critical state agencies such as the Directorate of Criminal Investigations (DCI), the Immigration Department, and the Government Press also had their websites defaced. The official portal for the Hustler Fund and the Nairobi County website were also compromised in the breach. However, essential platforms like the eCitizen portal and the National Transport and Safety Authority (NTSA) website remained operational, preventing a total shutdown of digital public services.

Government Response and Investigation

In a statement issued on Monday, the government confirmed the breach and announced that services had been restored. The State Department for Internal Security attributed the attack to a group identifying itself as ‘PCP@Kenya’. Interior Principal Secretary Dr. Raymond Omollo, who also chairs the National Computer and Cybercrimes Coordination Committee (NC4), stated that a multi-agency incident response team was immediately activated to manage the situation. This team, comprising experts from the National KE-CIRT/CC and other security units, worked to contain the intrusion and restore the affected platforms.

“The situation has since been contained, and the systems are under continuous monitoring,” PS Omollo said on Monday. He added that enhanced defensive measures were being deployed to prevent future breaches, acknowledging the growing sophistication of threats against national digital infrastructure. The government has launched a formal investigation into the identity and motives of the hacking group. As of late Monday, no group had officially claimed responsibility beyond the name left on the defaced sites, and the full extent of the breach, particularly whether any government data was accessed or stolen, remains a subject of the ongoing investigation. FURTHER INVESTIGATION REQUIRED.

A Pattern of Escalating Cyber Threats

This incident is the latest in a series of high-profile cyberattacks targeting Kenya, highlighting the nation's vulnerability as it pursues an aggressive digital transformation agenda. In July 2023, a pro-Russian hacking group known as 'Anonymous Sudan' claimed responsibility for a major Distributed Denial-of-Service (DDoS) attack that crippled the eCitizen platform and other private sector websites, including mobile money and banking services. That attack was framed as retaliation for Kenya's perceived interference in Sudanese affairs.

The Communications Authority of Kenya (CA) has documented a dramatic rise in cyber threats. Between July 2022 and June 2023, the National KE-CIRT/CC detected over 855 million cyber threats, placing Kenya among the top three most targeted countries in the region alongside South Africa and Nigeria. More recent data from the CA indicated that cybercrime incidents surged to a record 8.6 billion in the year ending June 2025, more than doubling from the previous year. Experts attribute this sharp increase to factors including the migration of essential services online, low user awareness, and the use of artificial intelligence by cybercriminals to launch more sophisticated attacks.

The repeated breaches underscore the critical challenge facing the government in securing its digital assets. While Kenya has established a legal and institutional framework for cybersecurity, including the Computer Misuse and Cybercrimes Act of 2018 and the multi-agency NC4, the effectiveness of these measures is being severely tested. This latest defacement attack serves as a stark reminder of the persistent and evolving threats to the nation's critical information infrastructure and the urgent need for continuous investment in robust, multi-layered cybersecurity defenses to protect both government systems and the data of Kenyan citizens.