Service
AI-Powered Threat Intelligence & Adversary Tracking

Know who is targeting you, how they operate, and what they will do next. Citadel Africa's AI-powered threat intelligence platform monitors Kenya's digital threat landscape in real time — turning raw threat data into actionable decisions for your security team.

24/7 Automated Monitoring
AI Anomaly Detection
MITRE ATT&CK Mapped
East Africa Threat Feed — Live AI Monitoring
Critical · TA-EAST-007 — Financial Sector Campaign
Spear-phishing wave detected · 14 Kenyan banks targeted
High · RansomGroup-KE — New Variant Detected
New ransomware strain · Targeting ERP systems · IOCs extracted
Medium · Dark Web Alert — Credential Leak
3,200 Kenyan corporate credentials listed for sale
847 IOCs Today
23 Active Actors
99.2% Detection Rate
AI Analysis: Elevated financial sector risk detected. Recommend immediate review of phishing controls and SWIFT transaction monitoring for client environments.

Intelligence That Drives Action, Not Just Awareness

Threat intelligence is the process of collecting, analysing, and applying knowledge about cyber threats — so your security team can make faster, better-informed decisions. The difference between a good intelligence programme and a poor one is not the volume of data collected, but the quality of decisions it enables.

Most generic threat feeds produce noise — alerts about threats happening on the other side of the world that are irrelevant to your environment. Citadel Africa's intelligence is different. Our AI-powered platform is tuned specifically to the Kenyan and East African threat landscape — tracking the actors, TTPs, and campaigns that are actually relevant to your sector and region.

We deliver intelligence you can act on — whether that is a daily IOC feed for your SIEM, a weekly threat briefing for your security team, or a bespoke threat assessment for your board.

Tactical Intelligence — IOCs & TTPs
Real-time indicators of compromise and attacker techniques — directly ingestible into your SIEM, firewall, and endpoint tools for immediate defensive action.
Operational Intelligence — Campaign Tracking
Tracking active threat campaigns targeting Kenyan enterprises — understanding attacker objectives, tools, and target selection to anticipate and preempt attacks.
Strategic Intelligence — Threat Landscape Reports
In-depth reports on the evolving African cyber threat landscape — providing leadership teams with the context needed to make informed security investment decisions.
Dark Web & Brand Monitoring
Continuous monitoring of dark web markets, paste sites, and criminal forums for leaked credentials, data for sale, and threat actor discussions targeting your organisation.
AI-Powered Engine
How AI Makes Our Intelligence Different
Real-Time Anomaly Detection

Our AI models continuously learn the normal behaviour patterns of East African networks, financial systems, and enterprise environments — flagging deviations that human analysts would miss in the noise.

Automated IOC Correlation

AI correlates indicators of compromise across thousands of sources — dark web feeds, honeypots, open source intelligence, and partner sharing — enriching raw IOCs with context before they reach your team.

Predictive Threat Modelling

By analysing historical attack patterns and current threat actor behaviour, our AI models predict which attack vectors and campaigns are most likely to target your sector in the coming weeks.

Natural Language Intelligence Briefs

AI converts raw threat data into plain-language briefings — so your security team, and your board, receive intelligence they can read and act on, not pages of technical indicators.

Attack Surface Correlation

Our AI correlates intelligence with your specific attack surface — mapping incoming threats to the assets, technologies, and people in your environment to tell you what is relevant and what is noise.

MITRE ATT&CK Auto-Mapping

All detected threat actor activity is automatically mapped to MITRE ATT&CK techniques and sub-techniques — giving your security team a standardised framework for understanding and communicating threats.

Who Is Targeting Kenyan Enterprises Right Now

Kenya's status as East Africa's digital and financial hub makes it a prime target. Our threat intelligence tracks the specific actors, campaigns, and techniques active in the Kenyan threat environment — so your defences are calibrated to real, current risk.

🏦 Financial Services & Fintech · Critical Risk
🏛️ Government & Public Sector · Critical Risk
📡 Telecommunications · High Risk
🏥 Healthcare & NGOs · High Risk
⚡ Energy & Infrastructure · Elevated Risk
🎯 Financial Crime Groups
East & West Africa · Financially Motivated

Organised criminal groups targeting mobile money platforms, SWIFT systems, and internet banking infrastructure across Kenyan financial institutions. Known for BEC, SIM-swap fraud, and supply chain attacks.

T1566 Phishing · T1078 Valid Accounts · T1190 Exploit Public App
🔒 Ransomware Affiliates
Global · RaaS Operators

Ransomware-as-a-Service affiliates increasingly targeting African enterprises — attracted by lower security maturity and willingness to pay. Kenyan manufacturing, healthcare, and logistics sectors are primary targets.

T1486 Data Encryption · T1021 Remote Services · T1083 File Discovery
🌐 State-Nexus APT Groups
Multiple Nations · Espionage Motivated

Nation-state aligned actors targeting Kenyan government, diplomatic missions, and critical infrastructure for intelligence collection, intellectual property theft, and strategic disruption.

T1059 Command Line · T1071 App Layer Protocol · T1027 Obfuscation

How We Deliver Intelligence to You

We deliver intelligence in formats that match how your team works — from machine-readable IOC feeds to boardroom-ready threat reports.

01 · Real-Time · IOC Intelligence Feed

A machine-readable feed of indicators of compromise — IPs, domains, hashes, URLs — enriched with context and directly ingestible into your SIEM, firewall, or endpoint platform.

STIX/TAXII compatible format
IP, domain, URL, hash indicators
Confidence scoring per IOC
Africa-specific relevance tagging
MITRE ATT&CK technique mapping
02 · Weekly · Threat Intelligence Briefing

A concise weekly briefing — delivered every Monday — summarising the key threats active in the Kenyan and East African threat environment, with recommended defensive actions for your team.

Active campaign summaries
Sector-specific threat highlights
New TTP analysis
Recommended defensive actions
Dark web monitoring highlights
03 · Quarterly · East Africa Threat Landscape Report

A comprehensive quarterly report on the evolving threat landscape across East Africa — covering emerging threat actors, new attack techniques, sector-specific trends, and a 90-day outlook for your board and leadership team.

Threat actor profiles & evolution
Sector threat trend analysis
Notable incidents & lessons learned
90-day threat outlook
Board-ready executive summary
04 · Continuous · Dark Web & Brand Monitoring

24/7 automated monitoring of dark web markets, paste sites, Telegram channels, and criminal forums — alerting you the moment your brand, credentials, or data appears where it should not.

Credential leak detection
Brand mention monitoring
Data breach early warning
Executive impersonation alerts
Real-time push notifications
05 · On-Demand · Threat Actor Profile Report

A bespoke deep-dive into a specific threat actor targeting your sector — covering their history, motivations, tools, techniques, known infrastructure, and a tailored defensive playbook.

Full actor history & attribution
Known TTPs & tooling
Infrastructure & IOC catalogue
Tailored defensive recommendations
MITRE ATT&CK Navigator layer
06 · API Access · Threat Intelligence API

Programmatic access to Citadel Africa's East Africa threat intelligence database — enabling integration with your SOAR platform, custom dashboards, and automated defensive workflows.

RESTful API with STIX 2.1 support
Real-time IOC query and enrichment
SOAR & SIEM integration support
99.9% uptime SLA
Dedicated integration support

From Raw Data to Actionable Decision

Intelligence is only valuable when it drives action. Our four-stage lifecycle ensures every piece of intelligence we produce leads to a decision your team can make.

Stage 01 · Collection

AI-automated collection from open source intelligence, dark web feeds, honeypot networks, partner sharing platforms, and proprietary Citadel Africa sensor data across Kenya.

Stage 02 · AI Processing

Machine learning models process and correlate raw data — filtering noise, enriching IOCs with context, mapping to MITRE ATT&CK, and scoring relevance to the Kenyan threat environment.

Stage 03 · Analyst Validation

Citadel Africa analysts review AI-processed intelligence — validating findings, adding local context, and producing the finished intelligence products your team receives.

Stage 04 · Dissemination & Action

Intelligence is delivered in the right format for the right audience — IOC feeds for SOC teams, briefings for security managers, and strategic reports for leadership — with clear recommended actions.

Intelligence Deliverables

Real-Time IOC Feed
A continuously updated, machine-readable feed of indicators relevant to the Kenyan threat landscape — ingestible directly into your security tooling.
Weekly Threat Briefings
Plain-language weekly intelligence summaries covering the most significant threats active in your sector — with recommended actions for your security team.
Quarterly Threat Landscape Report
A comprehensive strategic report on the East African threat environment — with a forward-looking 90-day threat outlook and board-ready executive summary.
Dark Web Monitoring Alerts
Real-time push alerts when your organisation's credentials, data, or brand appears on dark web markets, paste sites, or criminal forums.
Threat Actor Profiles
Bespoke deep-dive profiles of the specific threat actors targeting your sector — with MITRE ATT&CK Navigator layers and tailored defensive playbooks.
Emergency Threat Advisories
Immediate out-of-cycle alerts when a significant new threat is identified that poses an elevated risk to your environment — with clear guidance on priority defensive actions.

Intelligence Built for Kenya

01 · Local Context, Global Standards

Our intelligence is tuned to Kenya and East Africa — not recycled from global feeds. We track the threat actors, campaigns, and techniques that are active in your market, with the local context that makes intelligence actionable.

02 · AI That Never Sleeps

Our AI monitoring runs 24 hours a day — correlating threat signals, detecting anomalies, and processing intelligence at a scale and speed no human team can match. Your team wakes up to briefed, validated, actionable intelligence.

03 · Integrated Across Our Services

Our threat intelligence directly informs our penetration testing, incident response, and advisory services — creating a feedback loop where every engagement makes our intelligence sharper and your defences stronger.

Get Started

Stop Reacting. Start Anticipating.

Request a complimentary threat briefing for your sector. See exactly what threats are active in your industry right now — and what Citadel Africa's intelligence can do for your security team.