Cyber Threat Actor: RaHDIt
| Actor Type | Location | Known Incidents |
Activist
|
Russia
|
1 incident |
|---|
Profile
RaHDIt is a hacker group that operates under the alias RaHDIt and has been publicly identified as originating from Russia. The group first came to attention through a series of data disclosures that targeted Ukrainian intelligence entities, posting the stolen information on its own website for public access. Its activities are characterized by the acquisition and release of sensitive personnel data rather than the deployment of traditional malware or ransomware payloads.
The group’s targeting has focused on Ukrainian foreign intelligence structures, specifically the foreign intelligence service and the Main Intelligence Directorate (GUR) of the Ukrainian military. In the September 2022 incident RaHDIt released data on approximately 1,500 employees of the Ukrainian foreign intelligence service, revealing details of officers serving under diplomatic cover in embassies across more than twenty countries, as well as personnel embedded in the United Nations, the European Union and NATO, and exposing over forty locations associated with Ukrainian SVR units, including a clandestine training facility. An earlier disclosure by the same group compromised thousands of records from the GUR, identifying embassy‑based officers in India, Russia, Italy, Turkey, Iran, Austria, Vietnam and South Africa. These actions indicate an emphasis on espionage‑oriented intelligence gathering rather than financial gain or disruptive effects.
Attribution to RaHDIt rests on open‑source reporting that labels the actors as a Russian hacker collective; no explicit state sponsorship or criminal consortium affiliation is cited in the available material. The group’s notable operations consist of the two major leaks described—the 2022 foreign intelligence service exposure and the prior GUR personnel breach—both of which were disseminated via the group’s own web platform. No specific malware families, initial access vectors or tooling techniques are referenced in the sources, so further technical details remain undocumented within the provided context. The profile is confined to these confirmed facts, avoiding speculation about the group’s size, sophistication, funding or broader geopolitical alignment.
