African Cyber Attacks in 2025

The year 2025 saw a significant increase in cyberattacks targeting African nations, impacting various sectors and raising serious concerns about cybersecurity preparedness. This post examines some significant incidents, their consequences, and the lessons learned. 

Notable Cyber Attacks in 2025

1. Kenya

On 9th February 2025, Kenyan Police Social Media Accounts.

A Kenyan law enforcement agency regained control of its X and Facebook accounts on Feb. 9, just hours after hackers used them to promote a fake cryptocurrency.

Kenya’s Directorate of Criminal Investigations (DCI) announced Feb. 9 that it had regained control of its X and Facebook accounts from hackers. The law enforcement agency confirmed that the cybercriminals used the compromised accounts to promote a fake cryptocurrency. After thwarting the hackers, the DCI said it has launched a “scrupulous” investigation into the criminal activity.

20th May 2025, Kenya- National Security Fund

The Devman hacking group claimed to have breached the Kenya National Social Security Fund, demanding $4.5 million and allegedly exfiltrating 2.5 TB of data. They have threatened to leak the data to the dark web. However, NSSF, in a statement issued on Tuesday, May 20, at dawn, confirmed the intrusion of its crucial data but assured its stakeholders that their data was safe.

2. South Africa

20th March, 2025, South Africa's parliament's social media accounts

Cybercriminals hijacked South Africa's parliament's social media, pushing a fraudulent "Cyril Ramaphosa" Solana crypto. This mirrors recent breaches in Kenya and Tanzania, targeting public platforms to promote scam cryptocurrencies

28th January, 2025, South African Weather Service

The South African Weather Service (SAWS) has confirmed that cybercriminals targeted it twice within two days, with the second attack causing a significant disruption. 

The breach has impacted critical services, including aviation and marine operations. The initial attack, which occurred on Saturday night, was unsuccessful, but the follow-up on Sunday led to the failure of several systems.

3. Morocco

On April 8, 2025, National Social Security Fund(Caisse Nationale de Sécurité Sociale – CNSS)

Morocco‘s social security agency said troves of data were stolen from its systems in a cyberattack this week that leaked personal information on the messaging app Telegram.

The hackers who posted the documents on Telegram said the attack was in response to alleged Moroccan “harassment” of Algeria on social media platforms, pledging additional cyberattacks if Algerian sites were targeted.

4. Ethiopia

29th March 2025, Commercial Bank of Ethiopia

An Android malware was reportedly stealing money from users of the Commercial Bank of Ethiopia. The Bank notified Android users that two active malware apps (Pharma+, CBE Vacancy) were stealing cash from CBE accounts. Menas Cyber Solutions reverse-engineered the malware, uncovered how it works, and explained how users can stay safe.

5. Namibia

10th January 2025, Telecom Namibia.

Telecom Namibia has fallen victim to a ransomware attack by hackers known as Hunters International, resulting in the leak of sensitive customer data, including personal and financial information of high-ranking government officials.

The hackers released the data after the company refused to pay a ransom, with nearly 500,000 records reportedly stolen and some shared on social media. Outgoing President Nangolo Mbumba condemned the attack, calling it a national security issue requiring urgent action.

6. Tanzania

20th May 2025, Public and Private Social Media Accounts.

Tanzania’s Police Social Media and Several Other Public and Private Social Media Accounts Compromised by Unknown Individuals. Several government and prominent institutional social media accounts in Tanzania were compromised. The breaches led to posting various unethical and disinformational, as well as politically linked, messages.

The incident began with the Tanzania Police Force’s official X account, which started posting pornographic images around 5:00 AM. Later, the account was used to livestream false information about the health of a Tanzanian president. As the day progressed, the attackers also compromised the police’s YouTube account, Usalama TV, Simba Sports Club, Tanzania Revenue Authority’s YouTube channel, known as TRA Online TV, YouTube and X accounts of Airtel Tanzania, YouTube channel of the ruling party CCM, University of Dar es Salaam’s YouTube where they continued spreading similar falsehoods.

7. Egypt

27th April 2025, National Social Insurance Authority.

The treat actor “J27DN” claims to have breached Egypt’s National Social Insurance Authority. Egypt’s National Social Insurance Authority data is said to have been breached and leaked on the data web.

DarkEye, a cybersecurity intelligence company, announced on X that they’ve detected a breach of the Authority’s data of over 107,086 records being exposed.  Data includes full names, mother’s names, national ID and insurance numbers, residential addresses, email addresses, phone numbers, and plaintext passwords used on nosi[.gov[.[eg].

8. Ghana

16th May 2025, Ghana Education Service

Ghana's education service and airport system were hacked by the 1722 team, whose data was leaked. Team 1722 is a hacktivist group active in the global cyber threat landscape, known for targeting government, financial, and infrastructure sectors. The group posted a screenshot of the system ges[.]gov[.]gh claiming responsibility for the hack through Telegram.

9. Algeria

20th May 2025, Ferhat Abbas University

The Moroccan hacker group “Phantom Atlas” claimed responsibility today, Tuesday, May 20, 2025, for a series of cyberattacks targeting Ferhat Abbas University in Sétif, Algeria.

In a post disseminated via their Telegram channel, group members asserted that they successfully infiltrated the university’s IT systems and exfiltrated over 3.5 gigabytes of data.

This breach comes amidst an escalating digital confrontation between Moroccan and Algerian hackers, which began with a cyberattack targeting Morocco’s National Social Security Fund (CNSS) in April. 

Impacts of the Attacks

The cyber-attacks had far-reaching impacts on African countries, including: 

• Economic Losses: Disruptions to businesses, financial institutions, and critical infrastructure resulted in significant economic losses.
• Data Breaches: Millions of citizens had their personal and sensitive data exposed, leading to identity theft and fraud.
• Disruption of Services: Essential services, such as healthcare, power, and telecommunications, were disrupted, affecting the daily lives of millions.
• Reputational Damage: Organizations and governments suffered reputational damage, undermining public trust and confidence.
• National Security Concerns: Attacks on critical infrastructure raised serious national security concerns, highlighting the vulnerability of African nations to cyber warfare.

Lessons Learned

The cyberattacks of 2025 provided valuable lessons for African countries and organizations: 

• Increased Cybersecurity Investment: There is a need for increased investment in cybersecurity infrastructure, technologies, and training.
• Strengthening Cybersecurity Regulations: Governments should strengthen cybersecurity regulations and enforce compliance to protect critical infrastructure and data
• Improved Incident Response Capabilities: Organizations must develop and implement robust incident response plans to quickly detect, respond to, and recover from cyberattacks.
• Enhanced Cybersecurity Awareness: Awareness programs must educate employees and the public about cyber threats and best practices.
• International Collaboration: Collaboration with international partners is crucial to share threat intelligence, best practices, and resources to combat cybercrime.

The cyber landscape in Africa is evolving rapidly, and the events of 2025 serve as a wake-up call for governments, organizations, and individuals to prioritize cybersecurity. By learning from these incidents and implementing proactive measures, African nations can strengthen their defenses and mitigate the risks of future cyberattacks.