The Guccifer 2.0 docs are still floating around. You can download and inspect the metadata in them if you’d like. When they were released most of the analysis was by private, independent security researchers and there were no gov’t agencies involved in the analysis chiming in at that point. Like this:
There’s a lot in that thread. You should read it. They were posting about docs that everyone was looking at at the same time, which were confirmed to be posted by the attacker.
The CloudStrike report lists findings. Though I wasn’t the one to do the forensics, inspect the malware, find the Russian C&C server and Russian crypto keys reused from other attacks in the malware, and other damning evidence that gives near absolute confidence on who the attacker was, I don’t have any good reason to doubt CloudStrike. They’re a good, independent private InfoSec group in my professional opinion.
The Russians were really sloppy in their opsec and got pinned for it. You can determine this without referring to any claims from intelligence agencies.
