Threat Group Profile
medusalocker
โ Active โ last 30 days
Victim claims
26
First seen
May 2026
Last activity
07 Jul 2026
Tracked since
โ
Group overview
Medusa is a DDoS bot written in .NET 2.0. In its current incarnation its C&C protocol is based on HTTP, while its predecessor made use of IRC.
Preferred targets
Business Services ยท 5
Consumer Services ยท 3
Manufacturing ยท 3
Public Sector ยท 3
Education ยท 3
Telecommunication ยท 1
Most targeted countries
BR ยท 3
DE ยท 3
GB ยท 3
US ยท 3
CA ยท 2
FR ยท 2
Tactics & techniques (MITRE ATT&CK)
Privilege Escalation
Parent PID Spoofing