The experts cited by Mr. Mook include CrowdStrike, a cybersecurity firm that was brought into the Democratic National Committee when officials there suspected they had been hacked.
In mid-June the company announced that the intruders appeared to include a group it had previously identified by the name “Cozy Bear” or “APT 29” and been inside the committee’s servers for a year. A second group, “Fancy Bear,” also called “APT 28,” came into the system in April. It appears to be operated by the G.R.U., the Russian military intelligence service, according to federal investigators and private cybersecurity firms. The first group is particularly well known to the F.B.I.’s counterintelligence unit, the C.I.A. and other intelligence agencies. It was identified by federal investigators as the likely culprit behind years of intrusions into the State Department and White House unclassified computer system.
Russian intelligence agencies went to great lengths to cover their tracks, investigators found, including meticulously deleting logs, and changing the time stamps of the stolen files.
Officials at several other firms that have examined the code for the malware used against the Democratic National Committee and the metadata of the stolen documents found evidence that the documents had been accessed by multiple computers, some with Russian language settings.
Join the conversation as a VIP Member