By Shadrack Nyakoe
The government has confirmed that it has contained a series of hacker attacks on several state websites early Monday, and most digital services have since been restored.
In a statement issued Monday, the State Department for Internal Security reported that a number of platforms were briefly unavailable due to a “cybersecurity incident” attributed to a group identifying itself as ‘PCP@Kenya’.
The government said it activated a multi-agency incident response team, bringing together specialists from the National KE-CIRT/CC, the National Computer and Cybercrimes Coordination Committee (NC4), and other security agencies, to stop the intrusion, evaluate its impact, and restore affected services.
“The situation has since been contained, and the systems are under continuous monitoring,” said Interior Principal Secretary Raymond Omollo, who also chairs NC4.
He noted that the government has implemented enhanced defensive measures to prevent similar incidents, adding that the attack highlights the increasing sophistication of cyber threats targeting national digital infrastructure.
“Our priority is to strengthen layered defences, boost readiness, and ensure that any attempt is detected early, contained swiftly, neutralised effectively, and its impact minimised,” said Omollo.
Authorities urged institutions and members of the public to remain alert and report any suspicious online activity, reminding them that cyberattacks violate the Computer Misuse and Cybercrimes Act, the Kenya Information and Communications Act, and the Data Protection Act.
Omollo reiterated that despite the attempted breach, the government remains committed to protecting national systems as it accelerates its digital transformation agenda.
Investigations into the identity and motives of the group calling itself ‘PCP@Kenya’ are ongoing, with the government promising to prosecute any individuals found responsible.
Earlier on Monday, Nairobi witnessed a coordinated cyberattack that disrupted multiple Kenyan government websites, temporarily crippling access to key public services before government technicians moved in to restore the affected platforms.
The breach began in the early hours of November 17, 2025 morning when users attempting to access routine services on various government websites found pages either offline or displaying unfamiliar content. By mid-morning, platforms belonging to the Ministries of Education, ICT, Health, Labour, Environment, Tourism, Interior, and even State House had been compromised.
Initial checks by The Times showed that the attackers had defaced several sites, replacing official information with digital graffiti and extremist slogans. Messages such as “Access denied by PCP” and “We will rise again” appeared across multiple pages, alongside white supremacist codes including 14:88, a number commonly associated with neo-Nazi ideology.
As more reports surfaced, it became clear the intrusion extended beyond national ministries. Critical platforms under the Immigration Department, the Directorate of Public Private Partnerships, and the Nairobi County government also showed signs of tampering, widening the scope and seriousness of the attack. Notably, some key institutions, including the National Treasury and the Ministry of Defense appeared unaffected, raising questions about the attackers’ objectives and selection of targets.
Throughout the day, technicians and cybersecurity teams from the ICT ministry and allied agencies worked to contain the breach, isolate compromised systems, and initiate restoration procedures.
