Since the infiltration of the Democratic National Committee (DNC) was exposed by cybersecurity firm Crowdstrike in June, multiple independent research teams have concluded that all roads lead to Russia after analysing every angle of the breach.
Amid the fallout from the incident – and an ongoing FBI probe – Crowdstrike, ThreatConnect, Fidelis Security and SecureWorks have all released complex reports analysing malware samples, spearphishing samples, fake domain names, disinformation campaigns and IP addresses.
Furthermore, the list of targets allegedly chosen by the groups, largely centred on groups linked to the forthcoming US election, continues to grow.
To date, alleged Russian state-sponsored hackers are believed to have targeted Washington think tanks, news organisations, political officials, election systems and even the Olympic drug testing agency.
Yet amid the claims of professional experts, Russian state media has continued to state that any evidence of Kremlin-linked involvement is "nowhere to be found". In its latest coverage of the think tank hack, Russia Today (RT) hit out at the continued allegations of the nation's involvement.
"US media picked up the [DNC] accusations. In reality, actual evidence was nowhere to be found," it said. "Instead, reporters relied on insinuations such as a widespread agreement among cybersecurity experts and professionals that Russia was somehow responsible." It goes on to brand the slew of accusations as "hysteria".
The state-sponsored media outlet, unsurprisingly, reinforced statements from Kremlin spokesperson Dmitry Peskov, who previously said any suggestion of Russian involvement was "quite absurd". He added: "We in Russia are used to investigating first, before accusing anyone of anything. We believe it is more logical and more correct.
"There are attempts to cover up these manipulations by demonising Russia again, which we feel is improper. Russia does not interfere, and never will interfere, in the internal affairs – especially the elections – of any other countries, including the US."
Indeed, even when faced with mounting evidence of Russian involvement in recent hacks, cybersecurity experts would be the first to admit concrete attribution is extremely difficult.
"The 'who' behind all this stuff online is next to impossible without actual operators who are doing the work on the ground, the way our intelligence agencies operate," Steve Grobman, chief technology officer with Intel Security Group, told USA Today in a previous interview.
The cybersecurity firms, however, stand by their research. Most of the forensic research revolves around two separate hacking groups – dubbed Cosy Bear (APT29) and Fancy Bear (APT28) – which were both found in the networks of the DNC.
Depending on the security firm, the groups are known under a string of different aliases – including Sofacy Group, Pawn Storm, Sednit, The Dukes and CosyDuke – however, the suspected culprits in nearly every investigation remain the same: hackers affiliated with the Russian state.
"We've had lots of experience with both of these actors attempting to target our customers in the past and know them well," stated Crowdstrike in a blog post. "In fact, our team considers them some of the best adversaries out of all the numerous nation-state, criminal and hacktivist/terrorist groups we encounter on a daily basis.
"Both adversaries engage in extensive political and economic espionage for the benefit of the government of the Russian Federation and are believed to be closely linked to the Russian government's powerful and highly capable intelligence services."