The government of Kenya has been on a path to avail its services on online platforms. One of its platforms, the Integrated Financial Management Information System (IFMIS), was devised back in 2014 to allow tender applicants and suppliers who want to do business with the government submit their applications without making a physical appearance at government offices. This move was lauded for dropping the need to ‘know people’ prior to applying for a tender.
Now, it appears that the IFMIS platform has been defaced by hackers. The intruders left a series of incomprehensible text on the site, and disabled or broke its functionality. The website, which is currently undergoing maintenance, has a large logo plastered on it by a team calling itself Kurd Electronic Team. It has also been reported that the site didn’t have any SSL certificate prior to the back.
I have also learned that the government procurement portal linked from IFMIS site is down as well.
It’s possible the team behind IFMIS is at work to restore service, but the fact that a government website is subject to malicious intrusions doesn’t paint a positive picture, especially to people responsible to safeguard its services.
For the moment, users will have to wait until a fix is rolled out as core functions cannot be accessed.
For more info on Kenya’s Cyber Insecurity, check this post: https://ajulusthoughts.wordpress.com/2019/05/27/kenyas-cyber-insecurity/
Ajulu's Thoughts 
One reply on “Public Services Portal IFMIS Hacked”
[…] Committee’s (NDITC) online page has been defaced by the same hacker group (allegedly) that just intruded IFMIS website. This makes it the second government-related website to see attacks from online criminals who take […]
LikeLike