GK A.I CyberSecurity Scoring
GK
Company Information
Website:https://www.president.go.ke
Employees number:205
Number of followers:825
NAICS:92
Industry Type:Government Administration
Homepage:go.ke
GK Risk Score (AI oriented)
Between 700 and 749
GKGovernment Administration
Updated:
03/04/2026
03/04/2026
717/1000
Moderate
Ba
GK Global Score (TPRM)
xxxx
GKGovernment Administration
Score locked

GKModerate
Current Score
717Ba (MODERATE)
01000
2 incidents
-24 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
721
JUNE 2026
721
MAY 2026
719
APRIL 2026
718
MARCH 2026
717
FEBRUARY 2026
737
Cyber Attack
18 Feb 2026 • GK
Government Entities: Google Disrupts Chinese Hacker Network Behind 53 Telecom, Gov’t Breaches
Google Disrupts Major Chinese State-Linked Cyber Espionage Campaign Targeting Global Telecoms and Governments
716
CRITICAL-21
GOK1772087108
Google Disrupts Major Chinese State-Linked Cyber Espionage Campaign Targeting Global Telecoms and Governments
Google’s Threat Intelligence Group (GTIG), in collaboration with Mandiant and industry partners, has dismantled a large-scale cyber espionage operation attributed to UNC2814, a suspected People’s Republic of China (PRC)-linked threat group active since at least 2017. The campaign breached 53 telecommunications and government entities across 42 countries, with suspected infections in 20 additional nations, spanning Africa, Asia, and the Americas.
### Key Tactics and Tools
UNC2814 deployed a new C-based backdoor, GRIDTIDE, which leveraged Google Sheets as a command-and-control (C2) channel to evade detection. Unlike traditional malware, GRIDTIDE abused legitimate Google Sheets API calls, blending malicious traffic with routine cloud activity. The backdoor could execute shell commands, exfiltrate files, and hide data exchanges within seemingly normal spreadsheet interactions.
The malware relied on a 16-byte cryptographic key stored on compromised hosts to decrypt Google Drive configurations, including service accounts and private keys. It polled specific spreadsheet cells for commands, returning results in small chunks to avoid triggering security alerts.
Initial access often involved exploiting internet-facing systems, such as vulnerable web servers or edge devices. Attackers used SSH and service accounts for lateral movement, deployed SoftEther VPN Bridge for encrypted outbound traffic, and targeted systems containing personally identifiable information (PII), including names, phone numbers, birth details, and national ID numbers.
### Disruption and Impact
Google and its partners executed a coordinated takedown of UNC2814’s infrastructure, terminating attacker-controlled Google Cloud projects, sinkholing domains, and revoking access to compromised accounts. Detection signatures tied to the group’s operations since 2023 were released to aid defenders in identifying and removing the threat.
While 53 confirmed victims were identified, the campaign’s scope suggests a decade-long effort to surveil strategic targets, including dissidents, activists, and government entities. Historically, similar PRC-linked operations have accessed call detail records, SMS messages, and lawful intercept systems for intelligence gathering.
Despite the disruption, GTIG warns that UNC2814 is likely to rebuild its infrastructure using new tools and cloud resources. Affected organizations have received direct notifications and support.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2026
737
DECEMBER 2025
736
NOVEMBER 2025
762
Cyber Attack
18 Nov 2025 • GK
Government of Kenya
Government of Kenya Cyberattack with Defacement and Racist Messages
735
HIGH-27
GOK3562035111825
A cyberattack on Monday, [date not specified], targeted multiple high-profile Kenyan government ministry websites, including the Ministries of Interior, Health, Education, Energy, Labour, and Water. The attack defaced these platforms with racist and white supremacist messages (e.g., “We will rise again,” “White power worldwide,” “14:88 Heil Hitler”), disrupting public access for hours. The intrusion was attributed to a group identifying itself as ‘PCP@Kenya’, though no formal claim of responsibility was made. While no sensitive financial data or core government systems were compromised, the incident exposed vulnerabilities in Kenya’s public-sector digital infrastructure, prompting an urgent response from national cybersecurity teams (KE-CIRT). The attack was contained quickly, with systems restored and placed under continuous monitoring. However, the defacement of six key ministries’ websites—critical for public services—raised concerns about reputational damage, public trust erosion, and potential future exploits. No evidence linked the attack to broader regional coordination, though it followed a Somalia e-Visa breach reported 24 hours prior.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
OCTOBER 2025
762
SEPTEMBER 2025
762
AUGUST 2025
762
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for GK ??
What was GK's A.I Rankiteo Cyber Score in June 2026 ??
What was GK's A.I Rankiteo Cyber Score in May 2026 ??
What was GK's A.I Rankiteo Cyber Score in April 2026 ??
What was GK's A.I Rankiteo Cyber Score in March 2026 ??
What was GK's A.I Rankiteo Cyber Score in February 2026 ??
What was GK's A.I Rankiteo Cyber Score in January 2026 ??
What was GK's A.I Rankiteo Cyber Score in December 2025 ??
What was GK's A.I Rankiteo Cyber Score in November 2025 ??
What was GK's A.I Rankiteo Cyber Score in October 2025 ??
What was GK's A.I Rankiteo Cyber Score in September 2025 ??
What was GK's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on GK's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with GK ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view GK's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?