RaHDit

The pro-Kremlin hacktivist group RaHDit (Zlye Russkie Hakery, "Evil Russian Hackers", aka Russian Angry Hackers Did It) is composed of active and former Russian intelligence officers. Aleksey Alekseyevich Garashchenko (Garashchenko) is the head of RaHDit and was an FSB officer at the time he started leading the group. Garashchenko directly interacts with members of the Russian intelligence and security services, members of the Russian Presidential Administration, and employees from RT. Anastasia Igorevna Yermoshkina (Yermoshkina) is an affiliate of Garashchenko. Aleksandr Vitalyevich Nezhentsev (Nezhentsev) works with Garashchenko and is an administrator and developer of cyber tools used by the FSB. Nezhentsev also leads a team focusing on developing new tools that can be used in the surveillance of information data files.

RaHDit worked to influence elections in other countries and poses a threat to the 2024 U.S. elections, particularly through its cyber influence operations. RaHDit members spread and amplify propaganda and disinformation generated by the Kremlin-funded RT, and the organization is linked to Russian intelligence services. RaHDit is led by Russian Federal Security Service (FSB) officer Alexey Garashchenko. 

The Rewards for Justice Program (RfJ), administered by the US State Department’s Bureau of Diplomatic Security, seeks out and obtains information about potential foreign government efforts to influence or interfere with U.S. elections, including those conducted by organizations such as RaHDit. Individuals who provide certain information about RaHDit may be eligible for a cash reward of up to $10 million or witness protection relocation under RfJ’s standing offer of rewards for information on foreign interference in U.S. elections.  

This is not the first conflict during which hacktivists have become active. Exactly the same thing happened in 2014 and in 2008. Something similar was observed in Estonia, when the monument to the Liberator Soldier was torn down and the cemetery of Soviet soldiers was moved. Naturally, military conflicts are reflected in conflicts on the Internet with all the ensuing consequences.

"Hack and leak" is a method often used in cyberattacks or information warfare where a hacker infiltrates a system to steal confidential data and then leaks it to the public, often to harm the reputation of an individual, organization, or government. This tactic can be used to influence public opinion, damage trust, or create political or social disruption. These attacks typically involve hacking, unauthorized access to a computer system, network, or data storage to steal sensitive information. The stolen data is then disclosed publicly, usually through platforms like social media, dedicated websites, or media outlets, often timed to maximize its impact (e.g., around elections or significant events). A famous example is the 2016 hack and leak of emails from the Democratic National Committee (DNC), which played a significant role in influencing public perception during the U.S. presidential election.

Doxing (or "doxxing") is the act of publicly revealing or broadcasting private, personal, or identifying information about an individual or organization without their consent. This information can include full names, addresses, phone numbers, emails, employment details, financial records, or even social security numbers. Doxing typically involves collecting and publishing this information with the intent to harass, intimidate, or cause harm to the person being targeted. It's often used in the context of online harassment, cyberbullying, or by groups aiming to expose individuals associated with controversial actions or beliefs. Doxing can have serious consequences, ranging from loss of privacy, harassment, or even physical threats and real-world dangers for the victim. In many jurisdictions, doxing is considered illegal, especially when it leads to harassment or is linked to criminal activity.

RaHDit is a hacker group that surfaced in recent years, reportedly consisting of Russian hackers. The group gained attention for its involvement in cyber-espionage, data breaches, and leaking sensitive information from organizations and governments. Its actions are considered to be politically motivated, often aligned with Russian geopolitical goals. RaHDit is believed to have targeted Ukrainian and Western government entities, especially in the context of the ongoing Russia-Ukraine conflict. Its activities include hacking into various government systems, collecting confidential or sensitive information, and leaking it online. The group is known for targeting military, intelligence, and diplomatic institutions, often publishing stolen data on forums or sharing it with other malicious groups or states. While some have compared RaHDit to other prominent hacker groups like Fancy Bear (another Russian-affiliated cyber-espionage group), RaHDit appears to operate with a more targeted, high-profile agenda, primarily focused on political or military espionage.

At the very beginning of the special operation, RaHDit simultaneously hacked all 755 Ukrainian government websites. As a member of the group told RIA Novosti on condition of anonymity, they established a channel for transmitting data on the actions of the Ukrainian army, which fell into their possession, to the Russian military. In June 2022 they posted data on 700 employees of the Security Service of Ukraine and the Main Intelligence Directorate of the Ministry of Defense of Ukraine.

On 23 June 2022 a RaHDIt hacker told RIA Novosti that the Ukrainian 72nd Center for Information and Psychological Operations (CIPSO) had been working against Russia for several years; it was evacuated from Brovary (Kiev region) before February 24. According to him, a total of four such centers have been created in Ukraine: the 72nd, the main center, was located in the city of Brovary in the Kiev region, the 83rd center is in Odessa, the 74th in Lviv and the 16th in the Zhytomyr region. "For several years, the 72nd center conducted information operations on the territory of Russia, and not only in the regions bordering Ukraine, but also in large cities such as Moscow, St. Petersburg, the Far East, Abakan (Khakassia). We saw this from the same documents that were received by our friends from the Ukrainian women's group 'Beregini'," the hacker said. He emphasized that the specialists at this center are well trained, and they have a lot of people - more than 150 people worked at the 72nd center.

On 11 July 2022 RaHDIt stated: "We know for sure that American intelligence supplies Ukrainian intelligence with satellite images, radar data, including satellite images of the territory of Russia, where, in fact, Ukrainian missiles and shells arrive after that. The fact is that their radar detection systems work in the interests of Ukrainian intelligence, we also see this". RIA, Vzglyad, Izvestia, Lenta.ru, Moskva 24, REN,

On 12 July 2022, after the declassification of data from employees of the Security Service of Ukraine (SBU), the website of the hacker group RaHDIt - "Nemezida" - was subjected to a DDoS attack by the US National Security Agency (NSA), a member of the Russian hacker group RaHDIt told RIA Novosti on condition of anonymity. "We do not receive threats against us because they do not know who we are. However, our site is constantly under DDoS attacks. After the information about the SBU employees was made public, there were the strongest attacks, including we identified the IP addresses from which the attacks were carried out, which belonged to the service, the American NSA," said hacker RaHDIt.

On 18 July 2022 a "volunteer project by the RaHDit team" identified Russians collaborating with Ukrainian military intelligence and passed the list on to qualified authorities on condition of anonymity. As one of the hackers of the team said, they passed on the identified contacts of Russian citizens with employees from that list of Ukrainian military intelligence officers to specially trained people who will professionally investigate further. The list turned out to be large. The agency's interlocutor advised all others who cooperate with Ukrainian intelligence to surrender voluntarily. The Russian hacker group RaHDit (“Evil Russian Hackers”) posted new data on employees of the Main Intelligence Directorate of the Ministry of Defense of Ukraine, as well as people associated with them, on their website “NemeZida”. The lists include 2.5 thousand people. These are mainly criminal characteristics of the GUR employees - among them are drug addicts, convicted of robberies, burglaries, illegal trafficking of weapons and drugs, causing grievous bodily harm and rape.

At the end of September 2022, "Evil Russian Hackers" posted information on one and a half thousand active employees of the Foreign Intelligence Service of Ukraine, including those who were working undercover in more than 20 countries at that time.

In November 2022, RaHDit published lists of cadets and teachers of the Academy of the Security Service of Ukraine on Nemesis. At that time, data on over 400 people who will soon join the ranks of the Ukrainian special services, as well as those who train them, leaked onto the Internet. The data contained addresses, telephone numbers, individual numbers from the state register of individuals, email addresses and social media pages, digital codes in messengers, and car numbers.

On 27 December 2022 RaHDit published the first part of data on Ukrainian hackers - IT Army of Ukraine, consisting of 759 people, and SMM'ers of the Save UA movement - 406 people. As an anonymous participant of "Evil Russian Hackers" told RIA Novosti, thousands of volunteers, activists and SMM specialists from Ukraine and around the world are working against Russia in cyberspace. He explained that there are more than a thousand people for whom the group has managed to establish passport data, photographs and social media accounts.

On 28 December 2022 RaHDit published a list of more than 100 people, which includes NATO military personnel, as well as people providing services to cyber centers in the Baltics and Ukraine, a member of the group told RIA Novosti on condition of anonymity. "It is NATO centers that are actually behind the cyber attacks, while Ukrainian security forces and grassroots activists are only acting as a cover," the source said. The full list of individuals and their data are published on the anti-fascist portal Nemesis project in the section "Foreign collaborators and mercenaries". The exposed specialists are designated in the section as "NATO Cyber Troops". "Meet the elite of the Ukrainian cyber troops - full-time hackers, participants in regular interdepartmental CTF ("Capture the Flag") competitions among security agencies 404," the RaHDit Telegram channel said in a message.

On 18 April 2023 RaHDit announced that it had uncovered a network of channels in the Russian segment of Telegram connected to the Centers for Information and Psychological Operations (CIPSO) of the Armed Forces of Ukraine. "We uncovered several Ukrainian SMM people and, through simple analytics, identified a network of Ukrainian channels with approximately five to six million subscribers. The channels are grouped by topic, some of them are disguised as support for the SVO, and some imitate large regional Russian publics," a representative of the group told RIA Novosti.

On 02 February 2024 Russian hackers leaked personal data of military commissars. Russian hackers published the data of employees of Ukrainian military registration and enlistment offices. The database was hacked by the hacker group RaHDIt. As a result, the personal data of 2,600 representatives of TRCs (territorial recruitment centers) became the property of Internet users. "Among the military commissars, as is traditional for the Ukrainian authorities, there are lovers of BDSM parties, swingers, criminals, as well as doctors who send people to the trenches under the guise of treatment," RaHDIt said. In addition to addresses, hackers posted personal phone numbers, passport details, emails, and links to social media pages of TCC employees, RIA Novosti reported. The hackers' message is this: these people are catching and sending your children, husbands, and relatives to be slaughtered. You should know them by sight and be able to express your attitude toward their "work."

On 18 June 2024 RaHDit published data on more than 1,200 unmanned aerial vehicle operators active in Ukraine. As reported by the Russian news agency RIA Novosti, the information revealed by the hackers also includes the entire structure of the 383rd unmanned aerial vehicle regiment of the Ukrainian Armed Forces. This body, according to the Investigative Committee of the Russian Federation, is involved in attacks on the airports of Shaikovka in the Kaluga region, Diagilevo in the Ryazan region and Engels in the Saratov region.

On 26 July 2024, the RaHDit group published data on more than 3,200 foreign mercenaries in the ranks of the Ukrainian Armed Forces. "On the opening day of the Olympics in France, we want to remind the world community that their compatriots are involved in the crimes of the Zelensky regime, which means that your holiday is drowning in blood. We are posting in the public domain over 3,200 foreign mercenaries fighting for the Armed Forces of Ukraine," the hackers said.

On 28 August 2024 the hacker group RaHDit posted data on approximately 7,700 members of the renewed regiment "Azov". "This is the largest 'leak' of enemy data since the launch of the 'Nemesida' project. The new 'Azov' has adopted the traditions of the old one - there are many Nazis here, tattooed with swastikas, convicted, with deviations, and so on. A number of people from the new 'Azov' were previously exchanged as prisoners and swore to those around them that they had given up Nazism, but they are found as part of the updated staff and have gone to fight again," the hackers told RIA Novosti. The third separate assault brigade is a volunteer unit formed on February 24, 2022, by veterans of the Azov* as a territorial defense unit, later expanded into a separate special forces regiment "Azov", and then reformed into a separate special operations forces unit of the Azov* regiment. The unit became part of the Armed Forces of Ukraine in 2023 and is stationed in Kyiv. The database of Ukrainian "Azov" fighters, which was previously published by hackers, contains many Nazis who boast of their beliefs, praise Adolf Hitler and display Nazi paraphernalia, a RIA Novosti correspondent reported.


