Cyber Incident Victim: Central Bank of Kenya

On May 6-7, 2016, the Central Bank of Kenya experienced a distributed denial-of-service (DDoS) attack as part of a coordinated campaign by the hacktivist collective Anonymous and their affiliate Ghost Squad Hackers. The attack targeted the bank’s public-facing website, rendering it temporarily inaccessible to users. This incident occurred within a broader wave of cyberattacks dubbed “Operation Icarus,” which Anonymous had announced on May 4 via a video warning the global banking sector of impending disruptions. The group cited opposition to financial corruption and institutional power as motivations, explicitly linking some targets—such as the National Bank of Panama—to the Panama Papers leaks that exposed offshore financial activities of political elites.

The Central Bank of Kenya’s website was among eight international banking entities confirmed to have been disrupted during the initial phase of Operation Icarus. While the Central Bank of the Dominican Republic, Dutch Central Bank, and others were hit on May 6, the Kenyan bank’s outage occurred on May 7. Anonymous claimed responsibility for these attacks, which overwhelmed the banks’ web servers with traffic, though no data breaches or internal system compromises were reported. By the time of media reporting, all affected banking websites, including Kenya’s, had been restored to normal operation. The incident highlighted broader vulnerabilities in the financial sector, which had recently faced high-profile cyber incidents like the Bangladesh Bank heist and the Qatar National Bank data leak. Anonymous published a list of 160 additional financial institutions—including major entities like the World Bank and IMF—as potential future targets, though no further disruptions to the Central Bank of Kenya were documented in the immediate aftermath.