Vladimir Putin at an award ceremony at the Museum of the GRU, Russia’s military intelligence agency. A GRU officer was reportedly behind the creation of the Guccifer 2.0 persona. (credit: Office of the President of Russia)

Soon after the June 2016 announcement by CrowdStrike that the Democratic National Committee’s network had been the victim of a long-running breach perpetrated by Russian intelligence agencies, someone going by the name “Guccifer 2.0” suddenly materialized to take credit for the breach. Guccifer 2.0 started leaking internal DNC documents soon after. Intelligence officials and security experts have previously insisted that Guccifer 2.0 was in fact part of a Russian intelligence information operations campaign and not, as the person or persons behind the blog and social media accounts associated with the Guccifer 2.0 identity insisted, a Romanian hacker inspired by the original Guccifer.

Now, the Daily Beast reports that intelligence officials had direct evidence of Guccifer’s true identity. One of the individuals maintaining Guccifer 2.0’s social media presence forgot to use a virtual private network to access a US-based social media platform, thus leaving an Internet Protocol address located in Moscow in the service’s logs. Working from that address, a source told the Daily Beast’s Spencer Ackerman and Kevin Poulsen that analysts were able to dig deeper and associate Guccifer 2.0 with a single individual: “a GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow,” Paulson and Ackerman reported. (The GRU, or Russian General Main Staff Intelligence Directorate, is Russia’s largest foreign intelligence agency.)