| Date |
Source |
Activity |
Links |
June 2016 |
| 12th |
 |
In an interview aired by ITV (one of the most popular terrestrial TV channels in the UK), Assange stated: "we have upcoming leaks in relation to Hillary Clinton which are great" and, when pressed whether WL had stuff "not yet in the public domain", confirmed "we have emails related to Hillary Clinton which are pending publication. That is correct." |
link | arch |
| 14th |
 |
DNC release a statement explaining that they've discovered their servers were hacked. - They make mention of "Trump Opposition Research".
|
link | arch |
| 14th |
 |
Crowd Strike produce a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. |
link | arch |
| 15th |
|
Crowd Strike update a report onmalware that they found on the DNC's server during an investigation in May, evidence suggests the malware was injected by Russians. |
link | arch |
| 15th |
 |
Someone choosing to adopt the name of a hacker recently in the news ("Guccifer", whom was in court the previous month), steps forward, calling himself Guccifer2.0 and claiming responsibility for the hack. He affirms the DNC statement and claims to be a source for Wikileaks. The first 5 documents he posts are purposefully tainted with 'Russian Fingerprints' (and don't really appear to have been from the DNC) and the first of those documents just so happens to be the "Trump Opposition Research" the DNC announce on the previous day.
Guccifer 2.0 fabricated his evidence and lied about the source of his evidence. The fabrication and the lie conveniently corroborated claims made by CrowdStrike executives that were published just one day earlier. |
link | arch |
| 15th |
 |
TheSmokingGun publishes article "DNC Hacker Releases Trump Oppo Report" by William Bastone, detailing an email they received from Guccifer2.0 claiming responsibility for the DNC hack - provding a document more damaging to Trump than the DNC as initial proof of being responsible for the breach. |
link | arch |
| 15th |
 |
Gawker also report that they've received files from Guccifer2.0 in an article title: "This Looks Like the DNC's Hacked Trump Oppo File" - The article notes the presence of "Felix Edmunovich" in Cyrillic letters within the metadata. |
link | arch |
| 16th |
 |
ArsTechnica publish article titled: "Lone wolf claims responsibility for DNC hack, dumps purported Trump smear file" |
link | arch |
| 16th |
|
ArsTechnica publish article titled: "“Guccifer” leak of DNC Trump research has a Russian’s fingerprints on it" |
link | arch |
| 17th |
|
Gawker post an article titled: "Contrary to DNC Claim, Hacked Data Contains a Ton of Personal Donor Information". It mentions that documents that they are provided include the names: "Ernesto Che" and "Felix Edmundovich" in the metadata. |
link | arch |
| 17th |
 |
ThreatConnect publish report titled "Rebooting Watergate: Tapping into the Democratic National Committee" |
link | arch |
| 18th |
|
Posts blog entry titled: "New docs from DNC network: lots of financial reports and donors’ personal data" - Seems there's an intent to focus on the fact it has "personal" data, to quote G2: "including e-mail addresses and private cell phone numbers. Ha! Ha! Ha!" |
link | arch |
| 20th |
|
|
link | arch |
| 20th |
|
|
link | arch |
| 20th |
|
Post blog entry titled: "Dossier on Hillary Clinton from DNC. Expect It". Promises to deliver on 21st June. Posts 2 screenshots of a memo (that looks like it was sent to a broad list of people anyway) with everything but a header blurred out showing the email purportedly from Brian Fallon acting as Press Secretary for HFA. Posts tweet linking to article. |
link | arch |
| 21st |
 |
Article published titled "We Spoke to DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. |
link | arch |
| 21st |
|
Articled published titled "Here's the Full Transcript of Our Interview With DNC Hacker 'Guccifer 2.0'" by Lorenzo Franceschi-Bicchierai. |
link | arch |
| 21st |
|
Post blog entry title: "Dossier on Hillary Clinton from DNC" - Containing links to various, widely circulated and non-classified documents relating to the DNC and HRC. - Posted tweet linking to article. |
link | arch |
| 21st |
|
TSG publishes article titled: "DNC Researched Clinton Speeches, Travel Records" |
link | arch |
| 22nd |
|
Posts blog entry titled: "Want to know more about Guccifer 2.0?" |
link | arch |
| 22nd |
|
|
link | arch |
| 22nd |
|
|
link | arch |
| 23rd |
|
Article published titled: "Why Does DNC Hacker 'Guccifer 2.0' Talk Like This?" posted by Lorenzo Franceschi-Bicchierai. Includes language analysis assessments from 3 different individuals. (We check out all of these claims and Guccifer2.0's overall use of language as well as look in more detail at the differences in language construction rather than just take assessments at face value) |
link | arch |
| 27th |
 |
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 27th |
|
TSG publishes article titled: "Tracking The Hackers Who Hit DNC, Clinton" in which Guccifer 2.0 falsely claims DCLeaks is a "sub-project" of WikiLeaks. |
link | arch |
| 29th |
|
ThreatConnect publishes article titled: "The Shiйy ФbjЭkt?" / "Shiny Object? Guccifer 2.0 and the DNC Breach" |
link | arch |
| 29th |
|
|
link | arch |
| 30th |
|
Posts blog entry titled: "FAQ from Guccifer 2.0" |
link | arch |
July 2016 |
| 4th |
|
|
link | arch |
| 5th |
 |
6:45 PM EDT - Guccifer 2 NGP/VAN documents transfer |
link |
| 6th |
|
Posts blog entry titled: "Trumpocalypse and other DNC plans for July". Posts tweet linking to article. |
link | arch |
| 7th |
|
|
link | arch |
| 7th |
|
ThreatConnect publish article titled: "What's in a Name Server?" |
link | arch |
| 8th |
|
|
link | arch |
| 8th |
|
|
link | arch |
| 8th |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 10th |
 |
Seth Rich murdered. - There are some who suspect Seth Rich may be related to the leaks. - This article isn't concerned with trying to support or refute that claim, we are only including this for sake of reference in the timeline. |
link | arch |
| 11th |
|
|
link | arch |
| 14th |
|
Posts blog entry titled: "New DNC docs" |
link | arch |
| 17th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 19th |
|
|
link | arch |
| 20th |
|
ThreatConnect publish report titled: "Guccifer 2.0: the Man, the Myth, the Legend? " |
link | arch |
| 22nd |
|
Wikileaks start publishing the DNC emails. |
link | arch |
| 22nd |
|
|
link | arch |
| 26th |
 |
Kevin Collier of Vocativ publishes article "Guccifer 2.0 Is Likely A Russian Begging Us To Write About DNC Hack" |
link | arch |
| 26th |
 |
Joe Uchill of The Hill posts article: "Evidence mounts linking DNC email hacker to Russia" and cites an email he shared with ThreatConnect from which they identify G2 is using a Russian VPN service. |
link | arch |
| 26th |
|
ThreatConnect publish report titled "Guccifer 2.0: All Roads Lead to Russia" |
link | arch |
| 27th |
|
TAIA Global release a brief (and questionable) analysis asserting that Guccifer2.0 is likely Russian for a variety of contrived reasons quite a few of which require contorting through statistical likelihoods of noun usage between Russian and Romanian languages.
I think this particular effort was well intentioned but was heavily dependent on mathematical parameters (frequencies, averages, etc of word types, etc.) that made it insufficient to draw strong conclusions from in the way that an analysis of langauge flow, sentence construction and frequency of syntactical errors can provide. |
arch only |
| 29th |
|
ThreatConnect publish report titled "FANCY BEAR Has an (IT) Itch that They Can't Scratch" |
link | arch |
August 2016 |
| 12th |
|
TSG Publish article by William Bastone titled: "Tracking The Hackers Who Hit DNC, Clinton". |
link | arch |
| 12th |
|
TSG Publish article titled: "Hacker Publishes List Of Cell Phone Numbers, Private E-Mails For Most House Democrats" |
link | arch |
| 12th |
|
ThreatConnect publish report titled "Does a BEAR Leak In The Woods?" which covers Guccifer 2.0's use of DCLeaks as an outlet. |
link | arch |
| 12th |
|
Posts blog entry titled: "Guccifer 2.0 hacked DCCC" |
link | arch |
| 12th |
|
|
link | arch |
| 12th |
|
|
link | arch |
| 14th |
 |
Patrick Tucker, writing for Defense One publishes "Russian-Linked Group Leaks US Lawmakers’ Phone Numbers, Emails" - It makes a good, detailed collation of the arguments and assessments that suggest Guccifer2.0 is Russian, is Wikileaks source, is linked to APT-28/APT-29, etc. |
link | arch |
| 14th |
|
|
link | arch |
| 15th |
|
Posts blog entry titled: "DCCC Internal Docs on Primaries in Florida". Posts tweet linking to article (arch). |
link | arch |
| 15th |
|
|
link | arch |
| 15th |
 |
Guccifer 2.0 communicates with Robbin Young. |
link |
| 15th |
 |
Guccifer 2.0 communicates with Roger Stone. |
link |
| 16th |
|
Guccifer 2.0 communicates with Robbin Young. |
link |
| 17th |
|
Guccifer 2.0 communicates with Roger Stone. |
link |
| 17th |
|
|
link | arch |
| 19th |
|
ThreatConnect publish article titled: "Russian Cyber Operations on Steroids" - Includes good example of a Russian trying to communicate in English. |
link | arch |
| 21st |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 21st |
|
Guccifer 2.0 communicates with Robbin Young. |
link |
| 21st |
|
Posts blog entry titled: "DCCC Docs On Pensylvania". Posts tweet linking to article (arch). |
link | arch |
| 25th |
|
Guccifer 2.0 communicates with Robbin Young. |
link |
| 30th |
|
Guccifer 2.0 communicates with Robbin Young. |
link |
| 30th |
|
Posts blog entry titled: "DCCC Docs from Pelosi’s PC". Posts tweet linking to article (arch). |
link | arch |
| 30th |
|
|
link | arch |
September 2016 |
| 1st |
|
12:00 PM - 4:00 PM EDT - Material for Guccifer 2 ngp-van 7zip file collected |
link |
| 2nd |
|
ThreatConnect publish article titled "Can A BEAR Fit Down A Rabbit Hole?"
(It includes a perfect example of English language when written by Russians - difficulty with definite articles is a consistent trait rather than being an infrequent flaw, such as we see a lot of the time when Guccifer2 communicates.) |
link | arch |
| 2nd |
|
|
link | arch |
| 2nd |
|
|
link | arch |
| 2nd |
|
Guccifer 2.0 communicates with Cassandra Fairbanks. |
link |
| 7th |
|
|
link | arch |
| 9th |
|
Guccifer 2.0 communicates with Roger Stone. |
link |
| 10th |
|
|
link | arch |
| 11th |
|
|
link | arch |
| 12th |
 |
Jeffrey Carr publishes article titled: "The Guccifer2.0 Problem at the White House" at Medium. |
link | arch |
| 12th |
|
|
link | arch |
| 13th |
|
Guccifer 2 releases NGP/VAN 7zip file |
link |
| 13th |
|
Article published titled: "Hacker Guccifer 2.0 Gives Rambling Speech at Cybersecurity Conference" - Includes full transcript of G2's statement for the Cybersecurity Conference. |
link | arch |
| 15th |
|
Posts blog entry titled: "Dems Internal Workings in New Hampshire, Ohio, Illinois, North Carolina" |
link | arch |
| 22nd |
|
|
link | arch |
| 23rd |
|
Posts blog entry title: "Dossier on Ben Ray Lujan". Also posts tweet linking to the article (arch). |
link | arch |
| 23rd |
|
Publishes article titled: "Guccifer 2.0 Releases Hacked Info On Democratic Congressman" by Kevin Collier. |
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
| 25th |
|
|
link | arch |
October 2016 |
| 4th |
|
Posts blog entry titled: "Guccifer 2.0 Hacked Clinton Foundation". Also posts tweet linking to article (arch). |
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 4th |
|
|
link | arch |
| 5th |
|
Sean Gallagher, for arsTechnica, posts article titled: "Guccifer 2.0 posts DCCC docs, says they’re from Clinton Foundation" |
link | arch |
| 17th |
|
|
link | arch |
| 18th |
|
Posts blog entry titled: "Trump’s taxes: Clinton campaign prepares a new provocation". Also posts Tweet linking to the article (arch). |
link | arch |
| 25th |
|
Jeffrey Carr posts article titled: "The Yandex Domain Problem - Or Who In Russian Intelligence Doesn’t Speak Russian?" - Pointing out an apparent anomaly in the behavior of APT-28 aka "Fancy Bear" aka TF4127 in which it uses a Yandex email for phishing, from a Yandex domain typically used when someone registers from outside of Russia. |
link | arch |
November 2016 |
| 4th |
|
Posts blog entry titled: "Info from inside the FEC: the Democrats may rig the elections" |
link | arch |
| 4th |
|
|
link | arch |
| 11th |
 |
Article is published by DataBreaches.net titled "DCLeaks was a conspiracy to get Trump elected, but wait until you hear these Russian hackers’ motivation!" detailing an interesting story in which a persona with the name "BadVolf" claims to be behind DCLeaks and Guccifer 2.0 apparently turns up mid-conversation. However, BadVolf then struggles to demonstrate he has any real control of DCLeaks. (An article going into a lot more detail about BadVolf is here) |
link | arch |
December 2016 |
| 8th |
|
ThreatConnect's Toni Gidwani provides a presentation for Duo Tech Talks covering ThreatConnect's findings in 2016 and covers details that confirm their assessment, albeit with a little cherry picking from 3rd party media articles where convenient, discounting the lack of Russian traits in the English language flaws of Guccifer2.0 (that is actually covered in the Vice article Toni cited), whom, they assess, may be a committee of Russians. |
link
|
| 29th |
 |
ODNI/DHS "GRIZZLY STEPPE – Russian Malicious Cyber Activity" Report published. |
link | arch |
January 2017 |
| 6th |
|
ODNI/DHS "Background to “Assessing Russian Activities and Intentions
in Recent US Elections”: The Analytic Process and Cyber
Incident Attribution" Report published. |
link | mirror |
| 12th |
|
Post article titled: "Here I am Again, My Friends!" and an accompanying Tweet (arch). |
link | arch |
| 14th |
 |
Mike Wendling of the BBC posts an article titled: "Conversations with a hacker: What Guccifer 2.0 told me" detailing messages sent back and forth between Mike and Guccifer2.0 in October 2016. |
link | arch |
February 2017 |
| 8th |
 |
"Guccifer2.0: Game Over" site is launched. |
- |
| 10th |
|
ODNI/DHS release "Enhanced Analysis of Grizzly Steppe Activity", Guccifer2.0 is only referenced in relation to ThreatConnect tracing him to a Russian VPN. This, however, is unduly conflated with APT28. |
link | arch |
| 17th |
 |
tvor_22 posts article highlighting the flaws in reporting on Guccifer2.0 and reports on a discovery made concerning matching RSIDs found in several documents (suggesting the "Russian Fingerprints" may have been applied to several of the documents in an intentional manner.) |
link | arch |
| 22nd |
 |
Dave Levinthal of PublicIntegrity.org tweets a screenshot of an email from the FEC's Information Office originally from November 4th in relation to Guccifer2.0's claims to have acquired information from inside the FEC. |
link | arch |
March 2017 |
| 5th |
 |
Publishes article titled: "Hunting the DNC hackers: how Crowdstrike found proof Russia hacked the Democrats" |
link | arch |
| 8th |
|
tvor_22 posts article titled "This Fancy Bear's House is Made of Cards: Russian Fools or Russian Frame-Up" covering the topics of DCLeaks, APT28 and Guccifer 2.0. |
link | arch |
April 2017 |
| 3rd |
 |
Steve Cunningham has an article published in The Gateway Pundit highlighting assumptions made in Thomas Ridt's testimony as well as covering a part of a Twitter DM conversation in which Guccifer 2.0 makes a statement about Seth Rich to Robbin Young. |
link | arch |
| 11th |
 |
Steve Cunningham published in The American Thinker covering Kevin Mandia (of FireEye) concession that there is no evidence linking Guccifer 2.0 to the DNC hack. |
link | arch |
May 2017 |
| 25th |
|
Article title: "Florida GOP consultant admits he worked with Guccifer 2.0, analyzing hacked data" - A recycling of an article originally out in December, main difference, it's a GOP operative called Aaron Nevins rather than the pseudonym "Mark Mieword". |
link | arch |
July 2017 |
| 5th |
 |
The Washington Post publishes an article titled: "Hacked computer server that handled DNC email remains out of reach of Russia investigators" - CrowdStrike, in an attempt to defend themselves, cite disk-images given to the FBI, what they don't say, is whether those images covered the point in time when the emails were exfiltrated from the DNC's network (and it's very likely they don't). |
link | arch |
| 9th |
|
The Forensicator emerges and publishes his first article titled "Guccifer 2.0 NGP/VAN Metadata Analysis" |
link | arch |
| 14th |
 |
publishes "Just Six Days After Trump Jr.’s Meeting, Guccifer 2.0 Emailed Me — But There Was One Key Difference" - Pulling Rob Goldstone into the mix on the basis that the Clinton/Russia stuff offered (by a Brit) was a few days apart from Guccifer 2.0's activities. |
link | arch |
September 2017 |
| 18th |
 |
Stephen McIntyre publishes "Time zone of Guccifer 2 cf.7z", an analysis of the archive released by Guccifer 2.0 on October 4, 2016 revealing that the files there appear to have been handled in the CDT time zone. |
link | arch |
| 19th |
|
Forensicator publishes "Guccifer 2.0 CF Files Metadata Analysis". Following on from the analysis and discoveries made by Stephen McIntyre. |
link | arch |
| 19th |
|
Stephen McIntyre publishes: "Guccifer 2 Email Time Zone", highlighting an apparent CDT timezone for Guccifer 2.0 that was possible to determine from an email chain between the persona and The Smoking Gun that originally took place on June 27, 2016. |
link | arch |
| 23rd |
|
Stephen McIntyre publishes "Guccifer 2 and 'Russian' Metadata". |
link | arch |
November 2017 |
| 4th |
 |
publishes "Inside story: How Russians hacked the Democrats’ emails" that details how, in late June 2016, Guccifer 2.0 had pointed reporters to the DCLeaks site. |
link | arch |
| |
|
|
|
February 2018 |
| 15th |
Image
TBA |
David Jonathan Blake publishes "Doc 1 – Part One: Manipulations, Fonts & Fakery", providing a look at Guccifer 2.0's first document and documenting the discovery of a GMT+3 indicator. |
link | arch |
| 15th |
Image
TBA |
David Jonathan Blake publishes "Doc 1 Part 2: Binary Chunks", providing a look at Guccifer 2.0's first document and documenting the discovery of a GMT+3 indicator. |
link | arch |
March 2018 |
| 22nd |
 |
Daily Beast publishes article about Guccifer 2.0 "slipping up" and leaving behind a Moscow IP address (however, the subsequent Mueller report suggests this was a proxy that was logged into by whoever was behind Guccifer 2.0 rather than a genuine slip-up exposing Guccifer 2.0's real end-point as the Beast story seems to be arguing). |
link | arch |
| |
|
|
|
April 2018 |
| 30th |
|
Forensicator publishes: "Did Guccifer 2.0 fabricate his Russian fingerprints?" - An analysis of Guccifer 2.0's first batch of fabricated documents. |
link | arch |
| |
|
|
|
May 2018 |
| 10th |
|
Forensicator publishes: "Media Mishaps: Early Guccifer 2.0 Coverage". |
link | arch |
| 29th |
|
Forensicator publishes: "Guccifer 2's West Coast Fingerprint" which looks at documents with track changes enabled where a PDT timezone indication was left behind. |
link | arch |
| |
|
|
|
August 2018 |
| 12th |
Image
TBA |
Bruce Leidl published "The HRC_pass..zip documents" reporting on the discovery of a CDT time zone indicator discovered in an archive that Guccifer 2.0 had originally released on June 21, 2016. |
link | arch |
| |
|
|
|
November 2018 |
| 26th |
|
Forensicator publishes: "Guccifer 2's Russian Breadcrumbs" - An extensive analysis of Guccifer 2.0's other Russian breadcrumbs. |
link |arch |
| |
|
|
|
December 2018 |
| 8th |
|
Forensicator publishes: "Guccifer 2 Returns To The East Coast" which looks at an EDT timezone indication left behind by Guccifer on July 6, 2016. |
link | arch |
| |
|
|
|
April 2019 |
| 18th |
 |
The Mueller Report is published. It attributes Guccifer 2.0 to the GRU but fails to produce compelling evidence to support the attribution. It also reveals that the Moscow IP previously reported on by the Daily Beast was a proxy (that we are to assume was used by GRU officers) but doesn't disclose the IP address, making the claim difficult to scrutinize and impossible to falsify. |
link |
| 22nd |
|
Forensicator publishes: "A Closer Look At Guccifer 2's DNC email attachments". |
link | arch |
| 29th |
|
Forensicator publishes: "More Evidence That Guccifer 2 Planted His Russian Breadcrumbs" - a look at locale indicator conflicts discovered in many documents Guccifer 2.0 released in July 2017. |
link | arch |
| |
|
|
|
May 2019 |
| 6th |
|
G2GO article: "The Mueller Report - Expensive Estimations And Elusive Evidence" is published, detailing the shortcomings and lack of evidence in relation to the technical portions of the Mueller report. |
link |
| 27th |
|
Forensicator publishes: "Transfer Rate Suggests Guccifer 2 used a Thumb Drive in the US Central Timezone" - a closer look at Guccifer 2’s HRC_pass.zip file reaching the surprising conclusion that its source data was likely copied from a thumb drive, at a location somewhere in the US. |
link | arch |
| |
|
|
|
June 2019 |
| 17th |
|
Forensicator publishes "The Campbell Coincidence", a response to Duncan Campbell's timestamp tampering theory arguing that transfer durations and outliers were ignored. |
link | arch |
October 2019 |
| 29th |
|
G2GO article: "Why Were Miranda's Mails Missed By Mueller?" questions a troubling absence of evidence relating to the acquisition of the DNC's emails. |
link |
December 2019 |
| 20th |
|
G2GO article: "Guccifer 2.0: Evidence Versus GRU Attribution" is published (likely to be the final detailed summary of discoveries to be published by the project). |
link |
April 2020 |
| 29th |
 |
Roger Stone's FBI arrest warrant application is released into the public domain. The document reveals dialog between Guccifer 2.0 and WikiLeaks that wasn't previously known. |
link |
May 2020 |
| 21st |
 |
Article titled "Guccifer 2.0's Hidden Agenda" published in Consortium News looks at Guccifer 2.0's efforts to associate itself with WikiLeaks in the context of what we know about the persona [disclosure: article authored by myself]. |
link |