Kenya Tops East Africa In DDoS Attacks

No photo availableCIO Africa authorByKevin Namunwa
4 min read
Kenya has once again emerged as the East African nation most targeted by Distributed Denial of Service (DDoS) attacks in the first half of 2025, according to a NETSCOUT report
Nairobi, the Capital City of Kenya.
Nairobi, the Capital City of Kenya.

Kenya has once again emerged as the East African nation most targeted by Distributed Denial of Service (DDoS) attacks in the first half of 2025, according to the latest global threat intelligence report from NETSCOUT Systems, Inc. The country ranked third overall in Africa, trailing only South Africa and Morocco.

Bryan Hamman, Regional Director for Africa at NETSCOUT, noted that the evolving digital landscape across East Africa continues to shape the focus of cyber attackers.

“When we look at Kenya, Uganda, Tanzania, Seychelles, Madagascar, Djibouti and South Sudan, it becomes apparent that as the digital landscape evolves across the region, so too do the top targeted sectors across each country,” he explained.

“This shows the adaptability and focus of DDoS attackers and their readiness to shift strategies as they pursue new victims,” Hamman added. “Across East Africa, we’re seeing increasing aim being taken at sectors that might not be fully established yet but are still up-and-coming, as well as traditional targets such as the telecommunications sector.”

Kenya recorded 46,786 DDoS attacks in the first six months of 2025, the highest in East Africa. The most affected industries included wired telecommunications (20,349 attacks), wireless telecommunications carriers (15,919), and computer-related services (8,730).

Although attacks on financial institutions and hospitality players were fewer, Hamman pointed out that their inclusion is significant.

“The presence of other sectors, such as clothing retailers and hotels, shows the flexibility of DDoS attackers and their willingness to test areas of weakness. This adaptability should not be underestimated,” he said.

The most complex single attack in Kenya involved 23 unique vectors, with the largest incident reaching 78.3 Gbps and 15.49 Mpps.

Uganda and Tanzania See Decline in Attacks

Uganda reported a sharp drop in DDoS attacks, recording 881 incidents compared to 6,145 in the second half of 2024. The largest reached 119.34 Gbps and 13.22 Mpps, primarily targeting wireless communications (357 incidents) and computing infrastructure providers (234).

Tanzania also experienced a decline, with 326 attacks, down nearly half from 531 in the previous period. Computing infrastructure and web hosting services were the main targets (94 attacks), followed by wireless telecommunications carriers (11). The largest assault reached 0.47 Gbps and 0.13 Mpps, involving up to eight attack vectors.

“Even though there may be only a handful of strikes on a particular sector, this reiterates threat actors’ attention to regional detail,” Hamman said. “No sector should regard itself as able to fly under the radar.”

Djibouti and the Island Nations Face Heightened Activity

In contrast, Djibouti saw an increase in attacks, with 3,172 incidents, up from 2,860 in late 2024. Nearly all targeted wireless telecommunications carriers, reflecting the country’s critical role as a regional connectivity hub. “Djibouti is home to ten submarine cables and serves as a gateway for digital communication across East Africa. Threat actors clearly recognise its strategic importance,” Hamman said.

Seychelles experienced a near doubling of incidents, from 386 to 674 attacks, with computing infrastructure and web hosting services most affected (305 attacks). The largest hit reached 88.38 Gbps, a significant rise from the previous period.

Madagascar recorded 368 incidents, mostly targeting computing infrastructure (333 attacks), while South Sudan saw 1,439 attacks, peaking at 3.36 Gbps and involving up to nine vectors. “The average duration was just eight minutes, suggesting attackers are testing systems rather than sustaining long-term offensives,” Hamman observed.

Telecoms and Infrastructure Remain Prime Targets

Across East Africa, the telecommunications sector, both wired and wireless, remains the most targeted by volume and impact. Computer-related services and financial institutions also continue to face increasing threats.

“These are critical infrastructure providers, and disruption here can have significant ripple effects,” Hamman said. “Prolonged, multi-vector attacks demonstrate that adversaries are persistent and willing to combine methods to overwhelm their targets.”

As DDoS attacks evolve, Hamman urged organisations to remain vigilant. “There’s no end in sight for these onslaughts. Organisations must adopt proactive defence strategies to protect their critical infrastructure. NETSCOUT provides intelligent threat mitigation and real-time visibility to help them stay constantly on guard,” he concluded.

Leave a Reply

Your email address will not be published.

Do you have a story that you think would interest our readers? Write to us editorial@cioafrica.co