Hackers have struck again in Kenya, this time targeting the Micro and Small Enterprise Authority (MSEA) and putting sensitive government data up for sale on the Dark Web.
The scale of this invasion is quite alarming. The cybercriminals behind the attack are offering live access to the agency’s backup data and selling the entire backend database for 100,000 USD (roughly Ksh. 12,973,000). Sadly, this is not an isolated incident but part of a terrifying trend that has seen Kenya experience over 860 million cyberattack incidents in just one year.
To make matters worse, the hackers have connections to critical financial infrastructure, citing NLSBanking.com, a software provider serving over 20 financial institutions across Africa and Asia. Major banks like NIC Bank, National Bank of Kenya, Sidian Bank, SBM Bank, KWFT, and even Sheria Sacco could potentially have their sensitive systems compromised, putting countless individuals’ financial information at risk.
Recent months have seen a disturbing pattern of cyber warfare targeting Kenya. In July, a pro-Russian hacking group known as Anonymous Sudan crippled over 5,000 online government services, disrupting everything from visa applications to mobile money transactions.
Between November 2023 and April 2024, suspected Chinese hackers targeted government agencies in a series of calculated attacks that exposed critical vulnerabilities in the country’s digital defenses. Less than a week ago, a joint mission by INTERPOL and AFRIPOL exposed over 134,000 malicious networks in Africa, with over a dozen arrests and $8.6 million in stolen funds in Kenya alone.
Therefore, the MSEA breach is more than just a single security failure. If anything, it’s a glaring warning signal about the urgent need for better cybersecurity infrastructure. Given how rapidly the Kenyan government has been adopting digitization within agencies, it shouldn’t come as a surprise that there are tons of cybercriminals out there who view government and financial systems as prime targets for exploitation.