Date:

Sep 2022

Location:

Ukraine

Summary

A Russian hacker group known as RaHDIt publicly disclosed sensitive information pertaining to 1,500 personnel affiliated with a foreign intelligence service, including operatives working under diplomatic cover in embassies across more than 20 nations. The leak also exposed individuals embedded within international organizations such as the UN, EU, and NATO, alongside over 40 identified intelligence facility locations, including a covert training institution. This incident followed a prior breach by the same group targeting thousands of employees from a military intelligence directorate, compromising embassy-based personnel in multiple countries. The disclosures revealed operational details and cover identities of intelligence officers stationed abroad.

CIA Posture: Available to members
Motives: 3 motives
Tactics, Techniques & Procedures: 2 techniques
Threat Actor: 1 actor
Type: Available to members
Location: Available to members

Description

On September 26, 2022, the Russian hacker group RaHDIt publicly disclosed sensitive intelligence data through its website, targeting Ukrainian foreign intelligence personnel. The leak contained records of approximately 1,500 employees of Ukraine's foreign intelligence service, with a specific focus on operatives working under diplomatic cover across Western nations. According to the published information, Ukrainian intelligence officers were embedded within embassies located in more than 20 countries, including European states and American diplomatic missions. The compromised data additionally exposed Ukrainian agents working within major international organizations, specifically naming United Nations, European Union, and NATO missions. Beyond personnel records, the breach revealed operational details including over 40 identified locations of Ukrainian Foreign Intelligence Service (SVR) facilities, one of which was described as a clandestine educational institution used for training purposes. This incident followed RaHDIt's previous disclosure targeting Ukraine's military intelligence apparatus, in which the group had published records of thousands of employees from the Main Intelligence Directorate (GUR), including diplomatic personnel stationed in India, Russia, Italy, Turkey, Iran, Austria, Vietnam, and South Africa.

The breach represented a significant compromise of Ukrainian intelligence infrastructure, exposing both human assets and physical operational bases across multiple jurisdictions. By disclosing embassy-affiliated personnel, the leak directly endangered intelligence officers operating under diplomatic cover while simultaneously undermining Ukraine's foreign intelligence-gathering capabilities. The inclusion of international organization missions expanded the impact beyond bilateral relations to multilateral institutions. Identification of SVR facilities, particularly the clandestine training institution, provided adversaries with strategic insights into Ukraine's intelligence architecture and operational methods. No official response or mitigation measures from Ukrainian authorities or affected nations were documented in the source material following either disclosure event. The cumulative effect of both breaches—targeting both foreign and military intelligence services—demonstrated a sustained campaign to degrade Ukraine's intelligence apparatus through systematic exposure of personnel and infrastructure during the ongoing conflict period.
