Advanced Persistent Threat

(APT): An APT refers to a computerized cyber intruder that uses advanced coding tools, is consistent, and is malicious by nature. The threat could be either people or software and will operate for a long period of time in order to steal or destroy information. "To maintain access without discovery, the intruder must continuously rewrite code and employ sophisticated evasion techniques." (TechTarget)


Crowdstrike’s nickname for one of two APT malware suites used to hack the Democratic National Committee during the 2016 campaign. Crowdstrike and US intelligence officials suspect the Russian Federal Security Service or FSB runs COZY BEAR by utilizing the Communications Security Information Service or Russia’s NSA. Crowdstrike believes COZY BEAR accessed the DNC network over the summer of 2015 and monitored email and internal chat for more than a year. COZY BEAR also "compromised the unclassified email systems of the White House, State Department and Joint Chiefs of Staff in 2014." COZY BEAR has been linked to other hacks across the globe, including attacks in Ukraine, Estonia, France, Germany and the Republic of Georgia


The cyber security firm hired to respond to a suspected breach of the Democratic National Committee’s computer network in June 2016. Crowdstrike discovered two separate attacks, FANCY BEAR and COZY BEAR, which it quickly identified as hackers connected with Russian intelligence operations.


A suspected Russian Intelligence-originated website launched in June 2016 to publish emails stolen from high-profile United States government and military officials. ThreatConnect – a Virginia-based cyber security firm –tied the site to Guccifer 2.0 and FANCY BEAR, concluding the site either is run by or affiliated with Russia’s Military Intelligence Agency (GRU).


A nickname for one of two APT malware suites that hacked the Democratic National Committee during the 2016 campaign. Crowdstrike – the cyber security firm that discovered the hacks – believes Russian Military Intelligence known as GRU manages and maintains FANCY BEAR. Also known as Operation Pawn Storm, FANCY BEAR broke into the DNC network in April 2016 and targeted opposition research files, triggering the alarm that led investigators to discover two separate cyber espionage operations. Crowdstrike believes FANCY BEAR gained access into the network using spear phishing.

Guccifer 2.0

A "hacker" who claimed responsibility for breaking into the DNC network during the 2016 campaign. Guccifer 2.0 posted images of some of what he allegedly stole and emailed the information to several news organizations before handing the bulk of it over to Wikileaks which published "44,053 emails and 17,761 attachments." The stolen documents and data included an opposition file on Donald Trump, DNC donor and financial information, fundraising and strategy memos, and other proprietary correspondence. Guccifer 2.0 claimed he was Romanian, acted alone, and had no connection to Russia, but cyber security experts believe he is a fictitious front for Russian Military intelligence. The name "Guccifer" is a reference to an infamous Romanian hacker currently serving prison time for extensive hacking in 2013.

Spear Phishing

A hacking technique that uses personal information to craft and send a fraudulent email that seems to be coming from someone the target knows and trusts. Personalization increases the likelihood the target will open the email and click on a link or attachment, which floods the victim’s computer with secret malware and gives the hacker access to the target’s computer or network.


An antisecrecy website created in 2006 by Australian computer programmer Julian Assange. The website calls itself "a multi-national media organization and associated library’ which "specializes in the analysis and publication of large datasets of censored or otherwise restricted official materials involving war, spying and corruption." WikiLeaks rose to international prominence in 2010 when it published extensive classified information about the wars in Iraq and Afghanistan provided by former US Army soldier Chelsea Manning. During the 2016 US presidential campaign, WikiLeaks published documents and emails stolen by hackers from the Democratic National Committee and Hillary Clinton’s campaign manager John Podesta. In March 2017, WikiLeaks published Vault 7, a collection of stolen confidential documents detailing the CIA’s cyber surveillance and hacking capabilities. One month later, CIA Director Mike Pompeo gave a speech denouncing WikiLeaks as a "a non-state hostile intelligence service often abetted by state actors, like Russia."