The case of Russian interference in the US election is well documented. Below is a summary of the events.

  • March 19, 2016, a spear phishing email disguised as a security notification from Google instructed the Chairman of the Clinton campaign to change his password.
  • Once they got access to the Chairman’s emails, they stole over 50,000 emails.
  • The email was sent from [email protected] and spoofed to appear as though it came from Google.
  • March 28, 2016, through social media research of victims associated with the Clinton campaign, the Russians successfully stole email credentials and actual emails from the users.
  • April 6, 2016, they created an email account with a one-letter deviation from the actual spelling and sent spear phishing emails with a link titled “hillary-clinton-favorable-rating.xlsx”. This link directed the users to sites created by the Russian military.

Hacking

  • March 15, 2016, one of the Russians ran a technical query (NMAP) of the DNC’s IP configurations to identify connected devices. They also searched for open-source information about the DNC network, the Democratic Party and Hillary Clinton.
  • April 7, 2016, another technical query was made, this time of the DCCC’s network.
  • April 12, they hacked into the DCCC network and installed malware. They installed multiple versions of their X-Agent malware on at least 10 computers, which allowed them to monitor individual employees’ computer activity, steal passwords, and maintain access to the network.
  • April 22, 2016, they compressed gigabytes of data from the DNC computers and moved it using X-tunnel to a GRU computer in Illinois.
  • May 2, 2016, June 1, 2016, Y researched PowerShell commands, hacked the DNC Microsoft Exchange Server and stole thousands of emails.
  • They covered their tracks by intentionally deleting logs and computer files. On May 13, 2016, they cleared the event log on a DNC computer.
  • May 2016, the DNC realized they had been hacked. They hired a security company (Crowdstrike), which tried to exclude the intruders from the networks. Despite its efforts, a Linux-based X-Agent malware remained on the DNC network up to October 2016.
  • May 31, 2016, the Russians realized a security company had been hired. They researched open-source information about Crowdstrike.
  • June 1, 2016, the Russians attempted to delete traces on the DNC computer using the computer program CCleaner.
  • June 14, 2016, they registered the domain actblues.com and used stolen credentials to modify the DCCC website and redirect visitors to actblues.com.
  • On June 20, 2016, after Crowdstrike disabled X-Agent, the Russians spent over 7 hours unsuccessfully trying to connect to X-Agent.
  • In September 2016, the Russians successfully gained access to DNC computers hosted on a third-party cloud computing service and took a backup.
  • A month before leaking the information, they created the online persona DCLeaks, registered the domain dcleaks.com and paid for it through an online cryptocurrency account.
    They claimed that the site was started by American hacktivists.
  • On June 14, 2016, after Crowdstrike publicly announced that the DNC had been hacked by Russian government actors, the Russians created the online persona Guccifer 2.0 and falsely claimed to be a lone Romanian hacker.
  • On June 15, 2016, the Russians searched for various English words, which were then used in a WordPress blog to announce the DNC hack.
  • On August 22, 2016, the Conspirators, posing as Guccifer 2.0, sent the stolen documents to a reporter who was covering the Black Lives Matter movement.

You can read the entire indictment here