The Kenyan government suffered a coordinated cyberattack earlier this morning that took down dozens of official websites across multiple ministries and state agencies.
The attack targeted some of the country’s most essential government services, hitting the ministries of Health, Education, Labour, Environment, ICT, Tourism, Energy, Water, and Interior.
State House’s website went offline, along with critical agencies including the Directorate of Criminal Investigations, the Immigration Department, the Directorate of Public-Private Partnerships, and the Government Press. The Hustler Fund portal and Nairobi County’s website also went dark.
Visitors to the compromised sites encountered defaced pages displaying white supremacist messages. The attackers left four distinct messages: “Access denied by PCP,” “We will rise again,” “White power worldwide,” and “14:88 Heil Hitler.”
The numeric code “14:88” is a well-known neo-Nazi reference combining two white supremacist slogans.
The defacement tactic involved replacing legitimate government content with the obscene messages. This left thousands of Kenyans unable to access routine government services throughout the morning.
As of the time of publishing, no group has claimed responsibility for the cyberattack. Neither the government nor any of the affected ministries and agencies have issued official statements about the breach or provided timelines for restoration of services.
Fortunately, digital services on crucial platforms such as eCitizen and NTSA are still operational.
This is not the first time government websites have been attacked, but the scale of this breach raises serious concerns about the cybersecurity state of the country’s agencies.
The fact that several independent platforms across different parts of the government were compromised at the same time makes the situation even more worrying.
UPDATE
The Ministry of Interior and National Administration has confirmed the cyberattack and revealed that immediate response and recovery measures have been activated, with coordination from relevant stakeholders to contain the attack.
Access to affected systems has since been restored, and continuous monitoring is in place to prevent further disruptions.
The government has urged the public and institutions to remain vigilant and report any suspicious cyber activity to designated authorities, including the National KE-CIRT/CC, NC4, and the Directorate of Criminal Investigations.
Interior Ministry PS Raymond Omollo emphasized that this attack violates Kenyan law, including the Computer Misuse and Cybercrimes Act, and warned that perpetrators will face the full force of the law.
Updated at 1606hrs
