HOMETHREATSRipperSec
APT / THREAT GROUP HACKTIVISM

RipperSec

🇲🇾MY-attributed
1
campaigns
1
aliases
Last seen:Mar 17, 2026

Intelligence Profile

RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements primarily targeting government and educational websites, as well as organizations perceived to support Israel. The group has claimed 196 DDoS attacks, with a significant portion directed at Israel, and utilizes a tool called MegaMedusa for their operations. RipperSec operates on Telegram, where it has amassed over 2,000 members, and collaborates with various like-minded hacktivist groups. Their attack strategy relies heavily on community involvement rather than sophisticated infrastructure.

Threat Analysis

RipperSec is a known-sophistication threat actor attributed to MY, engaged in cyber operations with a primary motivation of hacktivism.

As a hacktivist-aligned entity, RipperSec conducts operations driven by ideological, political, or social grievances, typically through website defacements, DDoS attacks, and the leaking of sensitive data to advance a public narrative.

Known Campaigns

RipperSec — Active Operations March 2026

RipperSec is a hacktivism threat actor attributed to MY. RipperSec is a pro-Palestinian, likely Malaysian hacktivist group created in June 2023, known for conducting DDoS attacks, data breaches, and defacements primarily targeting government and educational websites, as well as organizations perceived to support Israel. The group has c...

ACTIVEMEDIUM2026

External References

Quick Facts

TypeAPT / Threat Group
Motivation hacktivism
Origin🇲🇾 MY
Aliases1
SourceMalpedia

Also Known As

RipperSec

Research Links

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.