President William Ruto’s official website has been hacked in a coordinated cyberattack that targeted several Kenyan government platforms. Authorities say the incident was contained, with no evidence of sensitive data being stolen.
Table of Contents
What Happened During the Cyberattack?
Kenya’s official presidential website, president.go.ke, was among several government portals targeted in a coordinated cyberattack that temporarily disrupted online public services. The incident affected multiple ministries and state agencies, with visitors finding some websites inaccessible after hackers carried out a website defacement attack.
Authorities said the attackers replaced parts of the websites with unauthorized content before government cybersecurity teams moved swiftly to contain the incident and restore services.
Which Government Websites Were Affected?
Besides the Presidency’s website, the attack disrupted websites belonging to the Ministries of Interior, Health, Education, Labour, ICT, Health, Tourism, and several other government institutions. Agencies including the Directorate of Criminal Investigations (DCI) and the Hustler Fund platform were also temporarily affected before services were restored.

Who Was Behind the Attack?
Kenyan authorities attributed the attack to a group identifying itself as PCP@Kenya. The hackers replaced website content with extremist propaganda and ideological messages, including slogans promoting white supremacist ideology.
Some of the defaced pages also contained links to a Telegram channel and other messages intended to attract public attention.
Did the Hackers Demand a Ransom?
While the Kenyan government has not officially confirmed receiving a ransom demand, claims circulating on social media allege that the attackers demanded KSh 41 million in exchange for restoring the affected systems.
As of the time of publication, no credible evidence has been provided to verify the alleged demand, and government officials have neither confirmed nor acknowledged it. Investigators are still working to establish the full motive behind the attack, with early indications suggesting it was primarily a politically or ideologically motivated defacement campaign rather than a financially driven ransomware operation.

What Has the Government Said?
The government confirmed that the cyberattack was quickly contained and that affected websites were restored within hours. Officials said cybersecurity teams immediately launched investigations while strengthening monitoring across government digital infrastructure.
Authorities described the attack as a violation of the Computer Misuse and Cybercrimes Act, the Kenya Information and Communications Act, and the Data Protection Act, warning that those responsible would face legal action once identified.
The public was advised to remain vigilant, avoid interacting with suspicious websites during the disruption, and report any suspected cyber incidents to the National KE-CIRT, the National Cyber Command Centre (NC4), or the Directorate of Criminal Investigations.
Read more details here
Was Any Sensitive Information Stolen?
According to the government, there is no evidence that confidential government or personal data was accessed, altered, or leaked during the incident. Officials maintained that the attack was limited to website defacement and temporary disruption of online services, with no confirmed compromise of government databases.
A Wake-Up Call for Kenya’s CybersecurityAlthough the affected websites were restored within hours, the cyberattack has renewed concerns about the security of Kenya’s digital infrastructure. The incident highlights the increasing sophistication of cyber threats targeting government institutions and underscores the importance of strengthening cybersecurity defenses, conducting regular security audits, and improving rapid incident response capabilities as Kenya continues to expand its digital public services.


