Cozy Bear hackers are skilled at rummaging through a network without drawing attention, said Matthew Dunwoody, a FireEye security researcher. Once in, they often swap out their phishing tools for malware that can be hard to detect, he said.
FireEye said that although Cozy Bear was the likeliest culprit, the firm could not firmly establish who was responsible for the 2018 campaign against the D.N.C. and other targets. CrowdStrike, another cybersecurity firm, also noted an uptick in hacking activity in November, but it could not say definitively that Cozy Bear was to blame.
Cozy Bear, also known by security firms as APT 29 or the Dukes, was one of two Russian groups involved in the 2016 hacking of the D.N.C. It has not attracted the same scrutiny as the other group, Fancy Bear, or APT 28, which has been linked to a string of cyberattacks against the D.N.C., the International Olympic Committee and other international organizations.
Cozy Bear has been active since 2016, security researchers say, and has been linked to a coordinated wave of hacking attacks on Democratic Party officials.
The D.N.C. says in the amended complaint that the November campaign was consistent with a continuing push by Russian hackers to target Democratic candidates and party leaders. In 2017, Russian hackers are believed to have attempted a hack of the computer network of former Senator Claire McCaskill of Missouri and the networks of at least two other candidates in the midterm elections.
Mr. Trump has long denied any collusion with Russia, and in December several defendants named in the D.N.C.’s lawsuit argued that it should be dismissed because the committee was using it to try to “explain away” the Democratic “candidate’s defeat in the 2016 presidential campaign.”
On Friday, Geoffrey A. Graber, a D.N.C. lawyer, said the committee expected defendants named in the case to file another motion for dismissal soon.
The Russian government has consistently denied hacking the D.N.C. In a “statement of immunity” from Russia’s Ministry of Justice, Russian authorities argued that even if Russia were responsible for the hacking, such a “sovereign act” would be considered a “military action” protected by a 1976 law that offers some immunity from lawsuits regarding foreign governments’ actions in the United States.