Threat Group RipperSec

Key insights

  • RipperSec is a pro-Palestinian, pro-Muslim hacktivist group operating from Malaysia
  • RipperSec has been operating on Telegram since June 2023 and has accumulated over 2,000 members in a little over a year
  • MegaMedusa is a publicly available Web DDoS attack tool created and maintained by a member of the RipperSec group
  • MegaMedusa can be installed in just five simple commands, allowing anyone to launch highly scalable Web DDoS attacks against targets of their choice
  • The MegaMedusa attack tool uses 10 randomization techniques to diversify its attack requests and make the detection and mitigation of its attacks harder
  • MegaMedusa makes some rudimentary attempts to evade CAPTCHA triggers through randomization and proxy use, but it does not include advanced CAPTCHA-solving capabilities
  • RipperSec’s threat and scale do not come from a large and sophisticated attack infrastructure but from its community. Community has always been activists’ and hacktivists’ most powerful weapon.

RipperSec is a pro-Palestinian and pro-Muslim Malaysian hacktivist group. Their Telegram channel @RipperSec was created in June 2023 and accumulated over 2,000 subscribers by August 8, 2024.

RipperSec often works in alliance with other like-minded hacktivist groups and hackers in and outside of the region, including Tengkorak Cyber Crew, Eagle Cyber Crew, Stucx Team, 4Exploitation, Khalifah Cyber Crew, Helang Merah Group, Rex AnonSaven7, Team Cyber Ababil, Malaysia Hacktivist, Zenimous Crew, Laskar Pembebasan Palestina aka the Palestine Liberation Army, Garruda From Cyber (GFC), Holy League, Morrocan Cyber Black Army, and several others. Most hacktivists from Malaysia do not agree with the actions taken by Israel and consider all countries that support Israel as enemies.

RipperSec’s attack activity includes data breaches, defacements, and DDoS attacks: anything that creates chaos, attracts attention, and causes disruption, as is typical for a hacktivist group.

RipperSec DDoS Attack Claims

Between January 1 and August 8, 2024, RipperSec claimed 196 DDoS attacks. Almost a third of the attacks targeted Israel. India, the United States, the United Kingdom, and Thailand were other countries with significant attack activity claimed by RipperSec in 2024.

For more detailed information, please visit Radware’s website.
