The National KE-CIRT/CC has released its 39th edition of the Cyber Security Report, covering the period from July to September 2025. The report provides a detailed overview of the cyber threats targeting Kenya's government and other critical information infrastructure during this time.
During this three-month period, KE-CIRT/CC detected a total of 842,320,667 cyber threat events, marking an 81.64 decrease from the previous reporting period. The majority of these threats exploited system vulnerabilities, attributed to factors such as inadequate patching of systems, limited user awareness of phishing and social engineering attacks, and the increasing use of AI-driven and machine learning-based cyberattacks.
The government sector emerged as one of the most affected, alongside Internet Service Providers, Cloud Service Providers, and academic institutions. The attacks mainly targeted end-user devices, Internet of Things IoT networks, web applications, and networking devices. Among the key threat vectors affecting government systems, web application attacks, advanced persistent threats APTs, and malware attacks were the most significant.
