In 2016, ThreatConnect published some excellent analysis in relation to Guccifer 2.0, however, they did make one assumption that seems to have come from a misunderstanding about the status of a certain IP address.
"It is important to note that the IP address seen in the Guccifer 2.0 AOL communications - 95.130.15[.]34 - is not listed as an option within Elite VPN Service. ".
They then asserted:
"Based on this information, we can confirm that Guccifer 2.0 is using the Russia-based Elite VPN Service, and is able to leverage IP infrastructure that is not available to other users"
However, responses from inquiries made to the VPN company on this topic present a different explanation and highlights something ThreatConnect appear to have missed, that is... the VPN node in question appears to have been the default public node at that time and ThreatConnect just weren't aware that this node was listed as "Default" in Russian language.
The following is from my reporting on this in March 2017:
[Note: This article is just a republishing of content that was previously on my site's home page. I've moved it into it's own article to reduce clutter.]