Russian Intelligence Hacked Democratic Targets and Used WikiLeaks to Release Stolen Emails
U.S. officials, cybersecurity investigators, and later federal prosecutors concluded that Russian intelligence penetrated Democratic Party networks and stole politically sensitive material during the 2016 presidential campaign. Early reporting on the Democratic National Committee breach tied the intrusion to the Russian-linked groups Cozy Bear and Fancy Bear, while the online persona Guccifer 2.0 surfaced to claim responsibility and distribute stolen files, including opposition research on Donald Trump. As hacked emails from the DNC and Clinton campaign chairman John Podesta were published, U.S. officials said they saw increasing evidence that Russia was using WikiLeaks as a channel to disseminate the material, even as Moscow, WikiLeaks, and figures including Julian Assange publicly denied Russian involvement or coordination.
The U.S. response escalated from an FBI investigation and intelligence reviews ordered by the Obama administration to formal attribution and criminal charges. Special Counsel Robert Mueller later secured indictments against 12 GRU officers for the DNC hack-and-leak operation, and court filings and subsequent reporting detailed contacts between Guccifer 2.0 and Trump adviser Roger Stone, though Mueller said he lacked sufficient admissible evidence to charge Stone, Assange, or WikiLeaks in a broader conspiracy. A bipartisan Senate Intelligence Committee report later backed the intelligence community’s assessment that the interference campaign was approved by Vladimir Putin, combined cyber-espionage with influence operations, and was intended to damage Hillary Clinton and help Donald Trump.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
33 events from the most recent confirmed update back to the earliest known activity.
Justice Department releases less-redacted Mueller report
In November 2020, the Justice Department released a less-redacted version of Mueller's report, revealing more detail about investigators' examination of Roger Stone, WikiLeaks, and Julian Assange. The newly disclosed material said Mueller found insufficient admissible evidence to charge a criminal conspiracy tying them to Russia's hack-and-leak operation.
Senate Intelligence Committee reaffirms Russia interfered to help Trump
A bipartisan Senate Intelligence Committee report in April 2020 backed the US intelligence community's assessment that Russia interfered in the 2016 election in a broad campaign approved by Vladimir Putin. The report said the operation aimed to damage Hillary Clinton and benefit Donald Trump.
Mueller report details obstruction findings related to Russia investigation
Special Counsel Robert Mueller's Volume II report laid out multiple episodes examined as possible obstruction of justice by President Donald Trump during the investigation into Russian election interference. Mueller did not reach a traditional prosecutorial judgment on obstruction but stated that if investigators had confidence Trump clearly did not commit obstruction, they would have said so.
DOJ charges GRU officers over global hacking and disinformation operations
The Justice Department announced charges against Russian GRU officers for international hacking and related influence and disinformation operations. The case expanded US law-enforcement action beyond the earlier July 2018 DNC-focused indictment to cover broader GRU cyber activity.
Senate Intelligence Committee asks Assange to provide election interference evidence
The US Senate Intelligence Committee asked WikiLeaks editor Julian Assange to provide evidence about Russia's role in the 2016 election and the publication of hacked Democratic emails. Reporting said Assange was considering whether to testify or otherwise cooperate with the committee.
DOJ says GRU indictment includes hacks of state election entities and vendors
The July 13, 2018 DOJ announcement said the indictment of 12 GRU officers also covered intrusions against state election-related entities and vendors to steal voter data. Prosecutors alleged the officers used false identities, infrastructure, and cryptocurrency-funded purchases to support the operation, while saying the indictment did not allege altered vote counts or knowing American participation.
Mueller indicts 12 GRU officers over DNC and Clinton campaign hacks
In July 2018, Special Counsel Robert Mueller charged 12 Russian military intelligence officers with conspiring to hack Democratic targets during the 2016 election. The indictment tied the operation to the theft and staged release of DNC and Clinton campaign emails, including activity attributed to Guccifer 2.0.
Mueller indicts Russian troll farm and associates for election interference
Special Counsel Robert Mueller charged the Internet Research Agency, Concord Management and Consulting, Concord Catering, and 13 Russian nationals with conducting a social media influence campaign to interfere in the 2016 US election. The indictment alleged a long-running conspiracy to sow discord, support Donald Trump, and disparage Hillary Clinton while concealing the Russian origin of the operation.
Cyber firm revises part of disputed Russian hacking report
In March 2017, a cybersecurity firm rewrote part of a contested report tied to Russian hacking allegations after criticism of its technical conclusions. The revision became a notable development in the public debate over evidence and attribution surrounding Russian cyber operations.
Russian cyber officials arrested on treason charges
Russian authorities arrested FSB officers Sergei Mikhailov and Dmitry Dokuchayev, along with Kaspersky researcher Ruslan Stoyanov, on treason charges. Subsequent reporting linked the case to suspicions that information about Russian cyberoperations, including election hacking attribution, had been passed to the United States.
Comey says Russia also hacked Republican targets
On 2017-01-10, FBI Director James Comey said Russian actors had also hacked Republican-related targets during the 2016 election cycle, but the information obtained was not publicly released in the way stolen Democratic material was. The disclosure broadened public understanding of the scope of Russia's election-related cyber activity beyond Democratic victims.
Intelligence chiefs brief leaders on summary of Steele dossier
U.S. intelligence leaders included a summary of Christopher Steele's unverified dossier in the classified report on Russian election interference and briefed President-elect Donald Trump, President Barack Obama, and congressional leaders on it. Officials said they had not validated the dossier's claims, but the briefing became a major new development once its existence leaked publicly.
Assange denies Russia was WikiLeaks' source for Democratic emails
Julian Assange publicly said in January 2017 that Russia did not provide the Democratic emails published by WikiLeaks. His denial came amid intensifying scrutiny of Moscow's role in the hacks and leaks.
Senate Intelligence Committee opens bipartisan Russia election probe
The Senate Intelligence Committee announced a bipartisan investigation into Russian interference in the 2016 election. The inquiry followed intelligence community conclusions that the activity was directed from the highest levels of the Russian government.
Obama says he warned Putin and promises retaliation for election hacking
President Barack Obama said he had told Vladimir Putin to 'cut it out' regarding Russian cyberactivity tied to the 2016 election. He also said the United States would respond with both public and non-public measures while releasing as much supporting evidence as possible without compromising intelligence sources and methods.
Obama says US will respond to Russian election hacking
In an NPR interview, President Barack Obama said the United States needed to take action over Russian hacking tied to the 2016 election and promised a response at a time and place of the US choosing. He said some response measures could be public while others might not be disclosed.
Craig Murray claims WikiLeaks' Clinton email source was not Russia
Former British ambassador Craig Murray said in December 2016 that the leaked Clinton-related emails published by WikiLeaks did not come from the Russian government, claiming they were obtained through an intermediary linked to a disgruntled insider. The statement added a public counter-narrative to growing US allegations of Russian responsibility for the hack-and-leak operation.
Trump rejects CIA assessment as senators call for Russia probe
After reports of a CIA assessment that Russia intervened in the 2016 election to help Donald Trump, Trump and his transition team publicly dismissed the finding and questioned the attribution. Bipartisan lawmakers including John McCain and Chuck Schumer called for a congressional investigation and urged that the issue not become partisan.
Obama orders full review of election-related hacking
President Barack Obama ordered a full intelligence review of Russian interference and election-related hacking before leaving office. The review was intended to assess what happened during the 2016 election and report findings to lawmakers and the public.
Democrats call for declassification of Russian hacking intelligence
In early December 2016, Democratic lawmakers publicly pressed for intelligence about Russian election hacking to be declassified. The push reflected growing demands for public disclosure of evidence behind the US assessment.
CIA reportedly prepares cyber response options against Russia
US media reported that the CIA had been asked to develop covert cyber options to retaliate against Russia for the theft and release of Democratic Party records. Vice President Joe Biden said the United States would send a message to Vladimir Putin at a time and under circumstances of its choosing.
US officials see signs Russia is funneling hacked emails to WikiLeaks
By October 2016, US officials said they had mounting evidence that the Russian government was supplying hacked election-related emails to WikiLeaks, including material tied to John Podesta. Officials viewed WikiLeaks as a delivery vehicle for the stolen documents.
Peter Smith seeks help validating purported Clinton emails
In September 2016, Republican operative Peter Smith approached a cybersecurity expert to help authenticate emails he claimed were from Hillary Clinton's private server and potentially obtainable via the 'dark web.' According to the later first-person account, Smith appeared unconcerned that the material might come from a Russian intelligence front so long as the emails were genuine and politically damaging.
Manafort shares campaign polling data with Kilimnik, Senate report later finds
On August 2, 2016, Paul Manafort met Konstantin Kilimnik in New York and discussed internal Trump campaign polling data, campaign strategy, and a pro-Russia Ukraine 'peace plan,' according to later Senate Intelligence Committee findings. The committee assessed Kilimnik had ties to Russian intelligence and that the interaction created a significant counterintelligence risk, even though it did not establish Manafort's direct involvement in the GRU hack-and-leak operation.
GRU hackers allegedly target Hillary Clinton's personal office
According to the July 2018 indictment timeline, Russian military intelligence officers attempted for the first time to access servers used by Hillary Clinton's personal office on July 27, 2016. The attempt occurred the same day Donald Trump publicly said Russia should find Clinton's missing emails.
Kremlin publicly denies role in Democratic email hacks
Kremlin spokesman Dmitry Peskov called allegations that Russia hacked and released Democratic Party emails 'absurd' and said the claims were harming US-Russia relations. The report also said US Secretary of State John Kerry raised the hacking issue with Russian Foreign Minister Sergei Lavrov during talks in Laos.
FBI opens investigation into the DNC intrusion
By July 2016, the FBI had opened an investigation into the DNC cyber intrusion to determine its nature and scope. The probe unfolded as leaked emails intensified political fallout inside the Democratic Party.
Leaked DNC emails trigger Debbie Wasserman Schultz's resignation
Publication of DNC emails showing favoritism toward Hillary Clinton over Bernie Sanders led to major political fallout. Debbie Wasserman Schultz resigned as DNC chair in July 2016.
Guccifer 2.0 begins releasing stolen DNC material
Days after the DNC hack was exposed, the persona Guccifer 2.0 emerged and published stolen DNC documents, including opposition research. Security researchers and journalists quickly pointed to Russian fingerprints in the leaked files.
DNC breach is publicly disclosed and attributed to Russian-linked groups
The DNC intrusion became public in mid-June 2016, with CrowdStrike attributing it to the Russian-linked groups Cozy Bear and Fancy Bear. Reports said the attackers stole opposition research on Donald Trump and accessed DNC staff systems.
Russian-linked groups gain access to DNC network
According to later reporting and CrowdStrike's findings, Cozy Bear maintained access to the Democratic National Committee network from the previous summer, while Fancy Bear separately infiltrated the network. The intrusions enabled monitoring of DNC communications and theft of political research.
DNC discovers network intrusion
The Democratic National Committee discovered suspicious activity and the breach in April 2016. Reporting said Fancy Bear entered around that time, prompting investigation of the compromise.
Papadopoulos is told Russia has thousands of Clinton emails
According to George Papadopoulos's later plea agreement, a London-based professor told him in April 2016 that the Russians possessed 'thousands' of Hillary Clinton emails. The disclosure, if accurate, meant a Trump campaign adviser learned of Russia's alleged possession of Clinton-related emails before the DNC hack became public.
Sources
48 references tracked. Mallory keeps watching after this page renders.
The Time I Got Recruited to Collude with the Russians | Lawfare
lawfaremedia.org
Open sourceIntelligence figures fear Trump reprisals over assessment of Russia election role | Donald Trump | The Guardian
theguardian.com
Open sourceMueller investigated - but didn’t charge - Stone, WikiLeaks and Assange for Russian hack of Democrats in 2016, less-redacted report shows | CNN Politics
cnn.com
Open sourceOffice of Public Affairs | Remarks By Assistant Attorney General For National Security John C. Demers On Announcement of Charges Against Russian Military Intelligence Officers | United States Department of Justice
justice.gov
Open sourceOpinion | Connecting the dots: How Russia benefits from the DNC email leak - The Washington Post
washingtonpost.com
Open sourceWe Spoke to DNC Hacker 'Guccifer 2.0'
vice.com
Open source“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it - Ars Technica
arstechnica.com
Open sourceUs Department Of Justice
justice.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Russian Hackers Breached the DNC and Used Guccifer 2.0 and WikiLeaks to Spread Stolen Emails
Russian government-linked hackers penetrated the Democratic National Committee, stole opposition research on Donald Trump and thousands of internal emails, and triggered a wider investigation after leaked material exposed not only politically damaging correspondence but also sensitive donor and personal data. Security firms including CrowdStrike, Mandiant, Fidelis, SecureWorks, and ThreatConnect tied the intrusion to Russian groups tracked as `APT28`/**Fancy Bear** and `APT29`, with later reporting pointing specifically to Russia’s military intelligence service, the **GRU**, based on malware and infrastructure overlaps. Researchers and investigators said the operation combined network intrusion, theft, and staged disclosure in a manner consistent with a coordinated influence campaign targeting the 2016 U.S. election. After the breach became public, the online persona **Guccifer 2.0** surfaced to claim responsibility and deny Russian involvement, but reporting and forensic analysis described the persona as a likely cutout used to distribute stolen documents and muddy attribution. WikiLeaks then published large batches of DNC emails while later reports said it had direct outreach to Donald Trump Jr. during the campaign and declined to publish a separate cache of Russian government documents in the same period, intensifying scrutiny of its role in the broader information operation. Subsequent congressional and special-counsel-era reporting found sharp partisan disagreement over whether Trump associates coordinated with Russia, but broad agreement that Moscow conducted an interference campaign that used hacked Democratic materials to damage Hillary Clinton and influence the election.
May 25, 2026
Mueller Indictment Exposed Internet Research Agency Election Interference Scheme
A U.S. grand jury charged **13 Russian nationals and three Russian entities**, including the St. Petersburg-based **Internet Research Agency (IRA)**, with conducting a long-running campaign to interfere in the U.S. political system. Prosecutors said the operation used stolen identities, fake social media personas, political ads, and the organization of real-world rallies to inflame divisions over race, religion, and immigration while denigrating Hillary Clinton and boosting Donald Trump. The indictment said the effort began in 2014, included intelligence-gathering trips inside the United States, and continued after Election Day, while not alleging that Trump campaign officials knowingly joined the conspiracy. Subsequent reporting and official findings reinforced the scope of the operation. Earlier investigations had described the IRA as a professionalized troll farm that used proxies, scripted talking points, and fabricated online identities across major platforms, while Senate investigators later unanimously backed the intelligence community's conclusion that Russia mounted a sweeping campaign to undermine confidence in American democracy and aid Trump. Experts warned the same bot-driven influence tactics persisted beyond 2016, and Kremlin-linked businessman **Yevgeny Prigozhin**, long tied to the IRA and sanctioned by Washington, later publicly admitted that Russia had interfered in U.S. elections and would continue doing so.
May 25, 2026
US and Allies Expose GRU Hackers Behind Election, NotPetya, and OPCW Operations
US prosecutors and allied governments publicly identified Russian military intelligence officers from the **GRU** for a series of high-profile cyber operations, linking the same apparatus to election interference, destructive malware, and espionage campaigns. A Mueller indictment detailed how GRU operators allegedly hacked Democratic Party networks, stole documents, and staged their release through online personas and infrastructure designed to obscure Russian involvement. Separately, the US Justice Department charged additional GRU officers over attacks tied to Ukraine, including the **NotPetya** malware outbreak and intrusions associated with power grid disruptions, underscoring the unit’s role in both covert influence operations and disruptive cyberattacks. European authorities also exposed a failed close-access GRU operation against the **Organisation for the Prohibition of Chemical Weapons (OPCW)** in The Hague. Dutch officials said four Russian operatives arrived with Wi‑Fi interception equipment, cash, phones, and receipts that connected them to GRU facilities in Moscow, and later expelled them after reportedly receiving a British intelligence tip. Investigators and media reports tied members of that team to broader targeting of the Skripal investigation, **MH17** investigators, and the **World Anti-Doping Agency**, reinforcing a picture of a global GRU campaign marked by aggressive targeting and, in some cases, operational mistakes that helped attribute the activity.
May 25, 2026