Proving who pulled off a cyber attack is never easy and sometimes impossible. That\u2019s the reality investigators face as they try to figure out who breached the network of the Democratic National Committee, which revealed last week that hackers had made off with confidential documents including research on Republican presidential opponent Donald Trump.Russia was fingered as the likely suspect, until a hacker calling himself Guccifer 2.0 stepped up and claimed that he acted alone. But despite what appear to be DNC documents posted by Guccifer online, some security experts remain convinced that a group of skilled Russian hackers was behind the attack - likely acting on behalf of the Russian government. Here's why they think that:The malwareThe breach began as far back as last summer and involved malware previously used by two hacking groups known as Cozy Bear and Fancy Bear.Both are thought to be based in Russia and considered among the best hacking teams in the world, said Michael Buratowski, a senior vice president with Fidelis Cybersecurity, which was called in\u00a0to examine the malware in the DNC attack.Not just anyone could have pulled off the attack, he said. For instance, the malware used to breach the DNC networks is relatively rare and highly developed.\u00a0A hacker\u00a0would need significant expertise to properly customize and deploy the code, something no amateur \u201cscript kiddie\u201d would possess, he said.A growing patternAnother big reason for suspecting Russian hackers is the target itself and what was stolen -- the attackers wanted information related to political campaigns and foreign policy plans.\u00a0Cybercriminals are typically more interested in financial data such as credit card numbers, noted Ben Johnson, chief security strategist for Carbon Black.\u00a0This fits with the pattern of Cozy Bear and Fancy Bear, whose past victims include the White House and the U.S. State Department, in addition to businesses in defense, energy and aerospace. Email systems of top U.S. officials have also been among their targets.\u00a0\u201cIt seems like the attackers knew what they were after,\u201d Johnson said. \u201cThey also didn\u2019t kick up a lot of dust.\u201dAlthough the initial breach began last summer, the DNC became aware of it only in late April. This suggests the hackers were probably experts and had done that type of hack before.\u201cAttribution is incredibly difficult,\u201d Johnson said. \u201cBut from what we\u2019ve seen, it\u2019s most likely that a sophisticated group is responsible.\u201d \u00a0RussiaIt's difficult to definitively link a hacker group to a government, but security firms have made a connection to Russia by examining attack patterns over a long period of time, said Mark Arena, CEO of security firm Intel 471.\u00a0For example, past attacks by Fancy Bear show consistent use of the Russian language in developing its malware. Their targets have included NATO and Eastern European governments, with a focus on stealing political and military data, as opposed to intellectual property -- more typically a target of Chinese hackers.Targeting the DNC could obviously align with Russia's goals, as one of the U.S.'s biggest geopolitical opponents.Russian officials have flatly denied any involvement, but that doesn't tell us much one way or the other.The timingA lone hacker, Guccifer 2.0, has sought to take credit for the DNC hack, claiming it was "easy, very easy," and leaking several documents to back up his claim.\u00a0Some media reports\u00a0say the hacker is Romanian and dislikes Russians.Not everyone believes the claims. On Tuesday, the DNC itself said the leaked files may be \u201cpart of a disinformation campaign by the Russians.\u201dIn Guccifer 2.0's first post, the hacker mocked CrowdStrike, the security firm that claimed Russians were behind the breach, and denounced unspecified "illuminati" and their \u201cconspiracies.\u201d\u201cTogether we\u2019ll be able to throw off the political elite, the rich clans that exploit the world!\u201d the hacker wrote in another posting.Johnson sees the timing of Guccifer's appearance as too convenient.\u201cIt\u2019s a very timely cover-up,\u201d he said. \u201cIt seems a little too staged.\u201dBuratowski agreed. He noted that Guccifer 2.0 could be one person or multiple people belonging to a larger group.\u00a0Metadata found within the leaked DNC documents included snippets of Russian.\u201cThere\u2019s always the possibility that [Guccifer 2.0] is just a smokescreen to divert attention from the real actors,\u201dBuratowski said.