Two independent research firms have confirmed an assessment by the Democratic National Committee that its network was compromised by Russian government hackers.
The firms’ conclusions come several days after someone going by the moniker “Guccifer 2.0” claimed responsibility for the hack in an apparent attempt to deflect blame from the Russian government.
The DNC had hired the cybersecurity firm CrowdStrike to investigate the breach, and the firm found that two Russian hacker groups penetrated the network at different times.
Guccifer 2.0’s claim came a day after the DNC acknowledged the intrusion and CrowdStrike announced its findings in a blog post. The hacker posted to a website documents that appeared to have been stolen from the DNC.
Now at least two other cybersecurity firms — Fidelis Cybersecurity and Mandiant — have seconded CrowdStrike’s conclusion.
CrowdStrike attributed the intrusions to two groups, which it has dubbed Cozy Bear and Fancy Bear. The latter group stole opposition research files on presumptive GOP presidential nominee Donald Trump.
“Based on our comparative analysis, we agree with CrowdStrike and believe that the Cozy Bear and Fancy Bear . . . groups were involved in successful intrusions at the DNC,” Michael Buratowski, a senior executive at Fidelis, said in a blog post Monday.
Fidelis analyzed samples of the malicious software used in the DNC hack.
“The malware samples matched the description, form and function that was described in the CrowdStrike blog post,” Fidelis stated. “In addition, they were similar and at times identical to malware that other [research firms] have associated to these actor sets.”
Analysts suspect but don’t have hard evidence that Guccifer 2.0 is, in fact, part of one of the Russian groups who hacked the DNC.
“Since the documents have been posted anonymously, there is no clear way to prove their origin,” Buratowski said. But he said it was “notable” that time and date stamps were missing in places one would expect to see them. “This could suggest that the content was copied and pasted into non-original documents.”
It is also possible, researchers said, that someone besides the Russians was inside the DNC’s network and had access to the same documents.