From e464c0c5c216672df5fac520973b0c4540f52779 Mon Sep 17 00:00:00 2001
From: Mathieu4141 <mathieu@feedly.com>
Date: Fri, 1 Nov 2024 10:43:26 -0700
Subject: [PATCH] [threat-actors] Add RipperSec

---
 clusters/threat-actor.json | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/clusters/threat-actor.json b/clusters/threat-actor.json
index 19d1f46..0a2f4d9 100644
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@@ -17027,6 +17027,19 @@
       },
       "uuid": "ae17fcf4-1335-4dec-9976-e26d2e5f7290",
       "value": "Shahid Hemmat"
+    },
+    {
+      "description": "RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements primarily targeting government and educational websites, as well as organizations perceived to support Israel. The group has claimed 196 DDoS attacks, with a significant portion directed at Israel, and utilizes a tool called MegaMedusa for their operations. RipperSec operates on Telegram, where it has amassed over 2,000 members, and collaborates with various like-minded hacktivist groups. Their attack strategy relies heavily on community involvement rather than sophisticated infrastructure.",
+      "meta": {
+        "country": "MY",
+        "refs": [
+          "https://blog.checkpoint.com/security/hacktivists-call-for-release-of-telegram-founder-with-freedurov-ddos-campaign/",
+          "https://www.radware.com/blog/security/2024/08/megamedusa-rippersec-public-web-ddos-attack-tool/",
+          "https://www.cyjax.com/the-hacktivist-response-to-uk-foreign-policy/"
+        ]
+      },
+      "uuid": "70d09d1f-15fb-4003-bd9a-b52250d9d57e",
+      "value": "RipperSec"
     }
   ],
   "version": 318