Kenya Records 842 Million Cyber Threats in Q3 2025, Government Among Top Targets
The majority of these threats exploited system vulnerabilities, attributed to factors such as inadequate patching of systems, limited user awareness of phishing and social engineering attacks, and the increasing use of AI-driven and machine learning-based cyberattacks.
The National KE-CIRT/CC has released its 39th edition of the Cyber Security Report, covering the period from July to September 2025. The report provides a detailed overview of the cyber threats targeting Kenya’s government and other critical information infrastructure during this time.
During this three-month period, KE-CIRT/CC detected a total of 842,320,667 cyber threat events, marking an 81.64% decrease from the previous reporting period. The majority of these threats exploited system vulnerabilities, attributed to factors such as inadequate patching of systems, limited user awareness of phishing and social engineering attacks, and the increasing use of AI-driven and machine learning-based cyberattacks.
The government sector emerged as one of the most affected, alongside Internet Service Providers, Cloud Service Providers, and academic institutions. The attacks mainly targeted end-user devices, Internet of Things (IoT) networks, web applications, and networking devices. Among the key threat vectors affecting government systems, web application attacks, advanced persistent threats (APTs), and malware attacks were the most significant.
Web application attacks on government systems numbered 10,417,253 attempts. These attacks aimed to disrupt service availability, manipulate or compromise databases, and access sensitive information. Attackers primarily targeted user login credentials, vulnerable web browsers, and government database servers, often exploiting weaknesses in SSL/TLS configurations to intercept confidential data.
APTs continued to pose a long-term threat to critical infrastructure. These stealthy attacks involved network infiltration for espionage and data theft. Attackers employed spear-phishing emails, zero-day vulnerabilities, and supply chain compromises to gain access to government systems and other critical targets across the region.
Malware attacks were also widespread, with 31,676,444 detected incidents. These attacks targeted known system vulnerabilities and sought to encrypt or corrupt data, damage reputations, and deploy backdoors for persistent access. Contributing factors included unpatched systems, social engineering, phishing campaigns, and the growing use of Cybercrime-as-a-Service models.
The report also noted that Kenya’s cyber threat landscape mirrored global trends. Ransomware attacks intensified against critical infrastructure and public services, while AI-driven phishing campaigns and social engineering attacks became more personalized. Distributed Denial-of-Service (DDoS) attacks leveraging IoT botnets were also prevalent, sometimes combined with ransomware to exert additional pressure on targets.
To mitigate these threats, KE-CIRT/CC issued nearly 20 million cyber threat advisories, an increase of 15.53% from the previous quarter. Recommendations included regular system patching, enforcing strong password policies and multi-factor authentication, updating or disabling outdated software, improving end-user cyber hygiene, and adopting phishing-resistant authentication methods. For defending against APTs, the report emphasized network segmentation, threat intelligence sharing, and early detection through behavioral monitoring.
The KE-CIRT/CC report underscores the evolving and persistent nature of cyber threats in Kenya, highlighting the need for continued vigilance, proactive defenses, and comprehensive cybersecurity practices across government and other critical sectors.
