ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Analyst On Demand
Incident Response
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Research
  • Threat Analysis Brief Reports
Quick Overview of Recent DDoS Attacks Targeting South Korea
2025.04.07

✅ Report Title:


Quick Overview of Recent DDoS Attacks Targeting South Korea (RipperSec, Red wolf cyber)



✅ Executive Summary:


- On March 4, 2025, RipperSec, a pro-Palestinian and pro-Islam hacktivist group based in Malaysia and active on Telegram, began targeting South Korea in a series of attacks. The group called for an end to military support for Israel and advocated for the freedom of Palestine.


- Through its posts, RipperSec revealed that it is part of the Holy League alliance and collaborates with over 40 other groups, including NoName057(16) and UserSec. Based on inter-group cooperation, it carries out DDoS attacks against various countries.


- After March 8, the attacks on South Korea temporarily ceased, and the group appeared to shift its focus to countries like Slovakia and Serbia. However, upon sharing a news article written by a Korean media outlet about RipperSec, the group resumed its attacks on South Korea.


- For more detailed information about the Holy League alliance, NoName057(16), and UserSec, please contact S2W or refer to the report published by the Threat Intelligence Center.



📌 What are the characteristics of RipperSec?


RipperSec does not use advanced hacking techniques, but since its members have gathered from various countries for the purpose of hacktivism, the number of group members and attacks is gradually increasing, thereby expanding its threatening influence.



📌 Is there another DDoS attack group recently targeting South Korea?


Red Wolf Cyber (also referred to as Red Wolf Ceyber) has been active.


- On March 6, 2025, Red Wolf Cyber launched attacks targeting South Korea without specifying any particular reason. However, the group's channel was shut down after its final attack on March 7, which targeted the Korean Canadian newspaper with a DDoS attack.


- On March 12, the group rebranded as Red Wolf Ceyber and resumed activities through a new channel, primarily focusing on attacks against Ukraine.


- However, on March 24, the group once again launched a DDoS attack targeting South Korea, specifically the English legal information domain (elaw.kiri[.]re.kr), signaling a continuation of its attacks against South Korea.



✅ Recommended Threat Detection and Mitigation Actions:


A detailed timeline of DDoS attacks targeting South Korea by the RipperSec and Red Wolf Cyber groups can be obtained by contacting S2W. For specific analysis and response measures, please submit your request via the link below.



🧑‍💻 Author: S2W TALON (Updated. 2025-04-02)


👉 Contact us: https://s2w.inc/en/contact


*The full report is available upon request and for QUAXAR subscribers.


News Highlights
Weekly Darkweb in March W5
2025.04.02
Previous
R&D Columns
Beyond General LLMs: The Power of Domain-Specific AI Language Models
2025.04.08
Next
List