Racial Hacktivism Targets Kenyan Government

Executive Summary

Racially motivated hacktivists targeted Kenyan e-government websites, defacing pages with white supremacist messages, and denying access to critical public services. Citizens were directly affected, facing disruptions, potential financial repercussions, and increased exposure of sensitive information. The Kenyan government mitigated the threat using a comprehensive incident response plan, which aided in the restoration of services. Preventative measures such as multi-factor authentication (MFA), system updates, and secure e-government systems are necessary to protect citizens’ daily lives and preserve confidence in digital public services. 

Background

Kenyan government websites were the target of cyber attacks promoting white supremacist messages. On November 17, 2025, multiple critical e-government websites in Kenya were made unserviceable by a self-proclaimed hacking group, PCP@Kenya [2]. When users attempted to access these web pages, they would be greeted with denied access, white supremacist messages, and credit to the mentioned group. All government sites are now operational again, just one day after the initial attacks took place.

While there is a lack of information on the PCP@Kenya group, the motivation behind the attack can be attributed to hacktivism. Due to the lack of financial gain for the group, and the common trait of defacing websites with justice or political messages. These online protests are commonly executed using denial-of-service (DoS) attacks, which flood traffic into systems to make them inaccessible and have been rising in popularity with current geopolitical tension [4]. As we can see from this attack on Kenya, these campaigns can go further than just peaceful protests and can create physical world disruptions for entire countries. 

Impact

Online attacks on public services disproportionately affect citizens and their daily lives. When access to essential services is disrupted, it can lead to negative financial repercussions and increase the risk of sensitive information being exposed. Also, the impact on the trust and confidence of the government and its platforms has the potential to amplify the message of threat actors [1]. These impacts highlight how vulnerabilities in e-government services can translate into widespread repercussions for society and public trust. 

Mitigation

When dealing with acts of hacktivism, there is no single approach due to the motivation being a sharing of ideology, which means that they can remain committed even when faced with stronger defences. Something that the Kenyan government was prepared with was a proper incident response plan, which they used to get their systems working in a decent time frame. Implementing deterrents such as MFA, keeping systems up to date, and conducting security audits can be used as preventative measures to protect the availability of online government services [3]. Addressing hacktivism requires an approach that balances preventative measures with a comprehensive response plan to manage threats that are ideologically motivated and unpredictable. 

Relevance

Recent modern hacktivist campaigns have quickly escalated from a form of online protest to impactful disruptions of national security and digital infrastructure. With governments increasingly relying on online services to provide essential services, attacks that are ideologically motivated present a unique challenge. This attack on Kenyan websites shows the vulnerability of e-government systems to defacement and messaging campaigns which aim to target availability and societal stability. Understanding the motivations, impacts, and possible mitigations associated with digital activist groups is essential to strengthening government resilience. 

References

[1] CyberPeace Institute. (2023). Public administration and defence; compulsory social security. CyberPeace Institute. https://cyberconflicts.cyberpeaceinstitute.org/impact/sectors/public-administration

[2] Greig, J. (2025, November 17). Kenyan gov’t websites back online after hackers deface pages with white supremacist messages. The Record. https://therecord.media/kenyan-gov-websites-back-hack

[3] MeriTalk. (2024, November 12). The Rise of Cyberattacks on the Public Sector. MeriTalk. https://www.meritalk.com/cyberattacks-on-public-sector-websites-meritalk/

[4] Zafra, D. (2025, May 26). Hacktivism Reborn: How a Fading Cyber Threat Has Become a Modern Battleground. Infosecurity Magazine. https://www.infosecurity-magazine.com/opinions/hacktivism-reborn-modern/