On November 3rd 2020 the United States presidential election will take place. Exactly four years ago Russian hackers shook up the previous presidential election with unprecedented actions. Let's take a look at the events unfolding in 2016 and compare them to this year's activity. 👇
March 2016: Fancy Bear started sending spearphishing links to DNC members, among others John Podesta. He opened the email, clicked the link and entered his credentials, giving Fancy Bear direct access to his mailbox along with a valid set of credentials. https://www.cbsnews.com/news/the-phishing-email-that-hacked-the-account-of-john-podesta/
April 29, 2016: The DNC hires CrowdStrike to perform incident response on their network. Within one day CrowdStrike concluded: "It's the Russians". They decided not to share this information publicly, for the moment at least.
June 15, 2016: First blood. A 200+ page report, the so-called "Trump Oppo Report", is leaked online. Gawker, The Smoking Gun and The Washington Post report on it. A hacker calling himself Guccifer 2.0 claims credit. http://www.thesmokinggun.com/documents/crime/dnc-hacker-leaks-trump-oppo-report-647293
June 15, 2016: It should be noted that the name Guccifer 2.0 is a direct reference to a person calling himself Guccifer, who was arrested for hacking the email server of Hillary Clinton.
July 22, 2016: WikiLeaks starts leaking the first emails of a larger batch of emails they possess. Scandals emerge immediately. The timing chosen by WikiLeaks is interesting, because the DNC congress starts in three days.
July 25, 2016: The DNC Congress starts with large crowds of protesters at the entrance of the building. Congresswoman Debbie Wasserman Schultz resigns.
July 27, 2016: The FBI scales up its investigation and comes back with results: it has HIGH CONFIDENCE that Russia is behind the attacks, but it is still unsure whether this is "Fairly routine cyber espionage or as part of an effort to manipulate the 2016 presidential election."
August 15, 2016: DCCC documents start leaking online.
August 27, 2016: A new hacker group pops up online: THE SHADOW BROKERS. The Shadow Broker is a character in a computer game that is popular among NSA employees. The purpose of this character is to sell valuable information on the darkweb.
August 27, 2016: That is exactly what the Shadow Brokers are doing: selling NSA weapons, the largest and most valuable batch of cyber weapons ever stolen and leaked online. The direct impact on the NSA is unclear, but we can imagine it must have been crippling to many of its operations.
November 6, 2016: Final batch of emails released by Wikileaks.
November 8, 2016: Trump gets elected.
2020: Microsoft concluded with HIGH CONFIDENCE that Russian hackers were targeting the presidential campaigns again, but this time their tactics are different. In 2016 they used spear phishing; this year they use credential stuffing and password spraying.
2020: It should be noted that spear phishing is very targeted, and once it is detected you know you are a target. Credential stuffing and password spraying, on the other hand, are 'normal': connect your computer to the internet and you will receive attacks of this type within seconds.
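As an added illustration of why spraying blends into that background noise (example code, not part of the original thread): the Python below, run over constructed sign-in events, separates a low-and-slow password spray (many accounts, one or two tries each, staying under per-account lockouts) from a classic brute force on one account, and lists any account that then logged in successfully from a spraying source. The log format, IPs, account names and thresholds are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in events for illustration (not real log data): "<ts> <ip> <account> <FAIL|SUCCESS>"
SAMPLE_LOG = """\
2020-09-01T10:00:01Z 198.51.100.7 alice@example.org FAIL
2020-09-01T10:00:09Z 198.51.100.7 bob@example.org FAIL
2020-09-01T10:00:17Z 198.51.100.7 carol@example.org FAIL
2020-09-01T10:00:25Z 198.51.100.7 dave@example.org FAIL
2020-09-01T10:00:33Z 198.51.100.7 erin@example.org FAIL
2020-09-01T10:00:41Z 198.51.100.7 frank@example.org SUCCESS
2020-09-01T10:01:00Z 203.0.113.9 alice@example.org FAIL
2020-09-01T10:01:02Z 203.0.113.9 alice@example.org FAIL
2020-09-01T10:01:04Z 203.0.113.9 alice@example.org FAIL
2020-09-01T10:01:06Z 203.0.113.9 alice@example.org FAIL
2020-09-01T10:01:08Z 203.0.113.9 alice@example.org FAIL
2020-09-01T10:05:00Z 192.0.2.44 grace@example.org SUCCESS
"""

def parse(text):
    """Parse one event per line into (timestamp, source_ip, account, result)."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result))
    return events

def classify_sources(events, window=timedelta(minutes=10), min_accounts=5, spray_cap=2, brute_min=5):
    """Label each source IP 'spray' (>= min_accounts distinct accounts, <= spray_cap failures each,
    all inside `window`), 'brute_force' (>= brute_min failures on one account) or 'benign'.
    Also return (ip, account) pairs where an account logged in successfully from a spraying IP."""
    fails, successes = defaultdict(list), defaultdict(set)
    for ts, ip, user, result in events:
        if result == "FAIL":
            fails[ip].append((ts, user))
        else:
            successes[ip].add(user)
    labels, suspect_logins = {}, []
    for ip in sorted(set(fails) | set(successes)):
        per_user = Counter(user for _, user in fails[ip])  # failures per account from this IP
        times = [ts for ts, _ in fails[ip]]
        span = max(times) - min(times) if times else timedelta(0)
        # A spray never trips a per-account threshold; only the per-source view reveals it.
        if len(per_user) >= min_accounts and max(per_user.values()) <= spray_cap and span <= window:
            labels[ip] = "spray"
            suspect_logins.extend((ip, u) for u in sorted(successes[ip]))
        elif per_user and max(per_user.values()) >= brute_min:
            labels[ip] = "brute_force"
        else:
            labels[ip] = "benign"
    return labels, suspect_logins
```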
2020: It was only recently that Microsoft found out it is Fancy Bear carrying out these attacks, and that they are also fairly targeted: 200 organisations including UK political parties, the European People's Party and the US presidential campaigns plus associated think tanks.
2020: According to Microsoft these attacks started in September 2019. Now look at the first date of this thread: September 2015. That doesn't say much by itself... but it is not the only thing. Around June 2020 Fancy Bear infrastructure started disappearing.
2020: Infrastructure that had been online for years suddenly went offline. Not expired, but clearly switched off. The big question here is: who is doing this, and why?
2020: Thus far nothing as explosive as in 2016 has happened, but comparable activity has been spotted. James Clapper's words probably describe this year's activity best: "It is unclear whether the activity is intended as Fairly routine cyberespionage or as part of an effort to..