The DNC Hack
Two separate Russian intelligence services had been quietly reading the Democratic National Committee's email for months when the leaks began appearing on WikiLeaks.
In June 2016, the Washington Post reported that Russian government hackers had penetrated the computer network of the Democratic National Committee. The Post's source was CrowdStrike, the incident-response firm the DNC had retained after noticing anomalies in its network.
Two bears, one network
CrowdStrike concluded that two distinct Russian intelligence operations had been operating inside the DNC's environment, largely without bumping into each other. The first, which the firm labeled Cozy Bear and later identified with Russia's foreign intelligence service the SVR, had been present since the summer of 2015. The second, Fancy Bear, attributed to military intelligence GRU unit 26165, had arrived in spring 2016.
The SVR's posture appeared to be quiet long-term collection. The GRU's was different. Within weeks of the public disclosure, a previously unknown persona calling itself Guccifer 2.0 began publishing internal DNC documents, followed by mass releases on DCLeaks and ultimately WikiLeaks. The timing, hitting the news cycle through the 2016 US election, became a permanent feature of that campaign.
The indictment
In July 2018, US Special Counsel Robert Mueller indicted twelve named GRU officers for the operation, laying out tradecraft, infrastructure, and specific moments of laundering documents through Guccifer 2.0 and WikiLeaks. None were extradited.
What the chronicle remembers
The DNC hack made the phrase "information operation" common currency outside intelligence circles. The technical breach was unremarkable; the choice to weaponize the exfiltrated material through anonymous-seeming publishers, on a precise news-cycle schedule, was the operation's actual payload.