Cyber Incident Victim: Kenya

On May 11, 2015, the official website of Kenyan President Uhuru Kenyatta (president.go.ke) was compromised by the Indonesian hacking group Gantengers Crew. The attackers replaced the homepage with a defacement page displaying their group name and member aliases: SultanHaikal, d3b~X, Brian Kamikaze, Coupdegrace, Mdn_newbie, and NG689Skwng689skwyahoocom. The defacement did not specify any political grievances or demands, consistent with the group’s prior operations. The incident was publicly documented through a mirror archived on Zone-H (ID 24287890), a platform commonly used to validate website compromises. Technical details regarding the attack vector or initial access method were not disclosed in available reporting. The Kenyan government restored the website to normal functionality by the time HackRead published its article about the breach later that day, though no official statement from Kenyan authorities was referenced.

Gantengers Crew claimed responsibility for the intrusion during an exclusive interview with HackRead, stating their primary motive was to demonstrate governmental vulnerability by asserting, “The govts should know their servers are never secure from us.” This incident aligned with the group’s pattern of high-profile defacements, including an attack on MasterCard’s website on April 29, 2015, and prior breaches targeting the Australian National University, WWF, and Earth Hour Philippines in 2014. The Kenyan presidential website hack showcased the group’s continued focus on symbolic targets rather than financial theft or data exfiltration. No secondary impacts, such as data leaks or service disruptions beyond the temporary homepage replacement, were reported. The swift restoration suggested existing incident response protocols mitigated prolonged downtime, though no technical remediation details were publicly confirmed.