The Ministry of Interior and National Administration has confirmed a cyber-attack on several major government websites on Monday, adding that the breach has since been contained.
In a statement, Interior Principal Secretary Raymond Omollo said the Ministry moved swiftly to counter the attack after initial investigations indicated it had been carried out by a group identifying itself as PCP@Kenya.
The government activated a multi-agency incident response team--comprising experts from National KE-CIRT/CC, the National Computer and Cybercrimes Coordination Committee (NC4), and other security units--to halt the intrusion, assess the impact and restore services.
"Following the incident, we immediately activated our incident response and recovery procedures, working closely with relevant stakeholders to mitigate the impact and restore access to the affected platforms," said Omollo in the statement seen by Julisha.co.ke
"The situation has since been contained, and the systems are under continuous monitoring. Our focus is on building layered defences, improving readiness, and ensuring that any attempt is detected early, contained quickly, neutralised decisively, and its impact minimised."
The Ps, added that the government had deployed enhanced defensive measures to prevent similar breaches, noting that the incident reflects the growing sophistication of cyber threats targeting national digital infrastructure.
"Our focus is on building layered defences, improving readiness, and ensuring that any attempt [is] detected early, contained quickly, neutralized decisively, and its impact minimized," Omollo said.
Omollo also urged Kenyans to report any suspicious cyber-related activity to the relevant authorities, including the Directorate of Criminal Investigations (DCI). He added that those behind the attack will face the full force of the law.
Investigations into the identity and motive of the 'PCP@Kenya' group are ongoing with the government vowing prosecutions on individual found culpable.
"We assure the public of our continued commitment to the national digital transformation agenda and the security of the national digital infrastructure. We remain focused on enhancing cyber resilience through strengthened capabilities, improved coordination, and sustained collaboration with the private sector and other stakeholders," the PS said.
A spot check by Julisha Media earlier on Monday showed that websites belonging to the Education, ICT, Health, Labour, Environment, Tourism and Interior ministries, as well as State House, were among those targeted.
Other affected sites included the Immigration Department, the Directorate of Public Private Partnerships, and the Nairobi County website.
The cyberattack defaced the websites, altering both their visual appearance and content.
Messages left by the attackers included: "Access denied by PCP", "We will rise again", "White power worldwide", and "14:88 Heil Hitler".
According to cybersecurity experts, "14:88 Heil Hitler" is a white supremacist slogan, with "14" referring to the "14 words" used by extremist groups and "88" coded as "HH," meaning "Heil Hitler," indicating an ideological motive behind the attacks.
The attack, comes as Kenya’s digital space faces mounting pressure from tech-savvy hackers who are increasingly using artificial intelligence (AI) to launch more sophisticated cyberattacks.
Data from the Communications Authority of Kenya (CA) reveals the country recorded 842.3 million cyber threat detections between July and September 2025, a 28 per cent increase compared to 657.8 million incidents logged over the same period last year.
As the attacks intensify, there's a shortage of cybersecurity experts in the country. Findings show that universities are producing an average of only 1,500 graduates annually, far below the 45,000 positions available in the sector. Reports also indicate graduates lack the practical skills demanded by employers, leaving organisations vulnerable to attacks.
There's also a crippling 96 per cent skills gap, particularly in specialised areas such as digital forensics and incident response, essential for investigating and recovering from attacks. Demand for software security architects, cloud security specialists, and DevSecOps engineers far exceeds supply.
