3C-INT logo [Cyber]Crime Characterization for Intelligence FREE PREVIEW
You are exploring the Free preview. To unlock full read-only access to all public profiles and in-app notifications, create a free research account. For analyst / premium plans capabilities (editing, advanced tabs, exports), please contact us

Threat Actor Characterization

Back
You’re viewing the read-only version. Sign in for analyst tools (editors, promote draft, file/relations management, etc.)
AhadunAhad

AhadunAhad

ID: 2cf9e3d4dbee5d6ce9f4e45e5da1c898
Cybercrime Cybercriminal Hacktivist
Threat types: Pro-Palestine, Hacktivism, Data Leak
Unknown IND, ISR, PSE, USA
Updated: 2026-03-04
Created: 2026-01-27
Progress: 83% Completeness: 88% Freshness: 70%
Operation zone: India, Israel, Palestine, United States
Aliases Limited alias preview
Ahadun Ahad Ahadun-Ahad 2.0 Team Ah******** Te**************
Showing 2 of 4 aliases in free preview.
Actor Network Graph
Open Network Graph
Read-only preview for anonymous visitors. Sign in with a free Research account for full workspace.
MITRE ATT&CK®
confidence: medium
Actor Techniques page ATT&CK® Diagram

AhadunAhad (also referenced as 'Ahadun-Ahad 2.0 Team' / 'Team Ahadun-Ahad') is a hacktivist leak persona linked in public reporting to the publication of Indian voter ID card images on Telegram during India's 2024 election period, operating in the broader pro-Palestinian hacktivist ecosystem.


Technique Technique name Tactics Evidence
T1585 Establish Accounts TA0042
  • 2024-05-21 — Use of Telegram presence to publish and distribute leaked identity documents is consistent with establishing/using public accounts for dissemination. INFERENCE (confidence: medium): specific account ownership may churn, but the technique applies to the operational model. · ref
T1213 Data from Information Repositories TA0009
  • 2024-05-21 — Public reporting suggests the leaked voter ID imagery likely originated from compromised third-party KYC/ID verification entities, implying access to an information repository of identity documents. INFERENCE (confidence: medium): the actor may have obtained the dataset directly or via intermediaries. · ref
T1567.002 Exfiltration to Cloud Storage TA0010
  • 2024-05-21 — Leak operations typically require staging and transfer of data to externally accessible services prior to publication. INFERENCE (confidence: low): no direct technical evidence of cloud storage exfiltration was provided; included as a plausible staging pattern. · ref
T1656 Impersonation TA0005
  • 2024-05-21 — Publication of voter ID documents during an election period aligns with influence operations intended to undermine trust and shape public perception. INFERENCE (confidence: medium): reporting describes influence goals tied to the leak narrative. · ref
Strategic Intelligence
Limited preview
Last updated: 2026-02-19T17:43:39+00:00

AhadunAhad — Pro-Palestinian hacktivist / data-leak persona (“Ahadun-Ahad 2.0 Team”)

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Full strategic intelligence is available in Analyst and Premium plans.
Executive Analyst Brief for CISO
Saved Limited preview

Executive Analyst Brief for CISO — AhadunAhad

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

Upgrade to access the full executive brief.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Executive brief now
Saved successfully.
Hunting Playbook
Saved Limited preview

Hunting Playbook — AhadunAhad (Ahadun-Ahad leak operations)


Upgrade to access the full hunting playbook.
Tip: Hover the section title to learn what’s included in Analyst / Premium plans.
Hunting Playbook now
Saved successfully.
IOC Appendix
Saved Limited preview
Last updated: 2026-02-19T17:46:12+00:00

IOC Appendix — AhadunAhad

Classification: Unclassified / Open Source Intelligence (OSINT) — TLP:WHITE

More IOC context for Research. Full appendix for Analyst and Premium plans.
IOC Appendix now
Saved successfully.
OSINT Library
Saved Limited preview
Last saved: 2026-02-19T17:46:27+00:00

OSINT Library — AhadunAhad


2024-05-21 — Resecurity — “Cybercriminals are Targeting Elections in India with Influence Campaigns”

Full OSINT references available for Research / Analyst.
OSINT Library now
Saved successfully.
Social Medial & Communication
SOCMINT integrated: 0/3
Address Verification SOCMINT
t.me/aha*********** Restricted Not integrated
t.me/Tea*********** Restricted Not integrated
t.me/joi**************** Restricted Not integrated
Notes: preview mode hides sensitive social/contact details.
Reference Images/Associated Evidence Limited
Showing 1–1 of 1 images
Image used in social media account Free Preview
Image used in social media account