Russian Hackers Cozy Bear Disrupted the U.S. Elections—This Is How We Know

russian hackers cosy bear elections
The Red Square, with St. Basil's Cathedral and the Mausoleum of Soviet state founder Vladimir Lenin in Moscow, Russia, November 5, 2017. REUTERS/Grigory Dukor

American intelligence agencies' revelations about Russian hackers attempting to sway the 2016 elections in favor of Donald Trump is thanks to a "fluke" breach on the part of Dutch spies, local media has reported.

In 2014, the Dutch intelligence agency AIVD infiltrated the computer network of a university building near Moscow's Red Square, which turned out to be the headquarters of the notorious Cozy Bear hacking group.

The AIVD was able to secretly monitor the Cozy Bear group—also known as APT29—and pass on evidence to U.S. intelligence agencies that Russian hackers attacked the Democratic National Committee (DNC), Dutch newspaper De Volkskrant and current affairs show Nieuwsuur reported on Thursday, January 26.

"We'd never expected that the Russians would do this, attacking our vital infrastructure and undermining our democracy," Chris Painter, a former cyber official at the U.S. State department, told the publication.

The reports cite six American and Dutch sources familiar with the matter who chose to remain anonymous.

De Volkskrant, who described the AIVD breach as a "fluke," reported that the Dutch hackers were also able to gain access to surveillance cameras within the Cozy Bear headquarters, allowing them to associate known Russian spies to the group.

Read more: Election meddling is hard work and Russia does not get enough credit, Russian Foreign Minister jokes

The data obtained by Cozy Bear hackers was sent to whistleblowing outlets including WikiLeaks and DCLeaks, before making its way to journalists.

A joint report in December 2016 from the U.S. Department of Homeland Security and the Federal Bureau of Investigation described how the Russian hackers operated.

"APT29 used legitimate domains, to include domains associated with U.S. organizations and educational institutions, to host malware and send spear phishing emails," the report stated. "In the course of that campaign, APT29 successfully compromised a U.S. political party."