Cyber Incident Victim: Kenya Petroleum Refineries Limited
Date:
Mar 2016
Location:
Kenya
Summary
Anonymous hackers targeted Kenya Petroleum Refineries Limited, defacing its website with Rick Astley's "Never Gonna Give You Up" video as part of their #OpAfrica anti-corporate campaign. The action highlighted security vulnerabilities without breaching databases or stealing data, serving as both a troll and a warning to the petroleum company—previously owned by Shell, BP, and Chevron, now under Essar Group—regarding inadequate cybersecurity protections. The incident aligned with Anonymous's broader efforts to expose perceived corporate abuses and profit-driven misconduct.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 29, 2016, at approximately 13:50 local time, the hacktivist collective Anonymous executed a website defacement against Kenya Petroleum Refineries Limited (KPRL) as part of their ongoing #OpAfrica campaign. This operation aligned with Anonymous’ broader anti-corporate initiatives, including the reactivated #OpCanary, which targeted entities accused of prioritizing profits over ethical practices. KPRL, originally established by Shell and BP to supply oil products across East Africa, had transitioned through ownership by Chevron before being acquired by India’s Essar Group. The attackers compromised a webpage on the company’s site, replacing its original content with an embedded video of Rick Astley’s 1987 song “Never Gonna Give You Up” – a deliberate act of internet trolling known as “rickrolling.” Anonymous did not access or exfiltrate data from backend systems or databases, limiting the intrusion to superficial website alterations. The defacement served as a public demonstration of the site’s security vulnerabilities, emphasizing the attackers’ ability to modify page content.
The incident’s primary impact was reputational, exposing vulnerabilities in KPRL’s digital infrastructure while drawing attention to Anonymous’ critique of corporate entities operating in Africa. No operational disruptions to refinery functions or fuel supply chains were reported, as the compromise affected only the public-facing website. The defacement mirrored tactics used two days prior against a Canadian mining firm during #OpCanary, reinforcing Anonymous’ pattern of symbolic digital protests against multinational corporations. The Rick Astley video functioned as both a cultural meme and a security taunt, implying that the company’s cybersecurity measures were insufficient to prevent even non-destructive intrusions. While the attack did not involve financial theft, data breaches, or destructive malware, it underscored the publicity-focused nature of Anonymous’ operations during this phase of #OpAfrica. Historical context from the article indicates this event was one of multiple defacements Anonymous conducted to highlight alleged corporate abuses in resource exploitation across the continent.