The hacking attempts were made over the past six months and can be attributed to two groups, APT28 and APT29, which in the US are also called Fancy Bear and Cozy Bear. The groups try to steal the credentials of government employees by sending targeted phishing emails and setting up fake websites where people can sign in.
APT28 and APT29 are affiliated with the Russian government, gather political and military intelligence, and work separately. In the past they mainly attacked governments, think tanks, universities and companies. The groups were discovered in 2013 and 2014, but the malware they use goes back to 2008. On the differences between the groups, Fox-IT CEO Ronald Prins says: “APT29 operates much more cautiously than APT28.”