The hackers didn't just go after Hillary Clinton's presidential campaign.
They tried to break into the private email of the sitting U.S. secretary of state, attempted to steal the private correspondence of a manager working on Lockheed Martin's stealth fighter program, and sought to break into the accounts of thousands of others, including the punk band Pussy Riot and Russian opposition leader Alexei Navalny.
About 19,000 lines of data, recently shared by cybersecurity firm Secureworks, show that Fancy Bear — the hacking group blamed by U.S. intelligence agencies for disrupting last year's presidential election — tried to break into more than 4,700 Gmail inboxes in at least 116 countries between March 2015 and May 2016.
It's effectively a hit list — one that experts say points to the Kremlin.
"There is only one country whose interests this list would serve," said Keir Giles, the director of the Conflict Studies Research Center in Cambridge, England, and one of five experts who reviewed the AP's findings.
"Regardless of the inevitable denials from Moscow, it is the only explanation that makes sense," he said.
Russian officials have described claims that they orchestrated the hacking as "ludicrous" and "verging on fantasy." On Wednesday, Russian Deputy Foreign Minister Sergei Ryabkov said there was "not a single piece of evidence" to back the allegations.
But the Fancy Bear targets identified by the AP tell a different story. In more than 100 interviews, many blamed Moscow for the hacking.
"We have no doubts about who is behind these attacks," said Artem Torchinskiy, a Navalny lieutenant who was targeted by Fancy Bear in 2015. "I am sure these are hackers controlled by Russian secret services."
The largest groups of targets were in the United States, Ukraine, Russia, Georgia and Syria. The hackers tried to compromise employees of major U.S. defence contractors and attempted to steal the emails of then-Secretary of State John Kerry and former U.S. Army Gen. Wesley Clark. Also on the list were more than 130 Democrats and members of Clinton's inner circle, including campaign chairman John Podesta, whose correspondence was leaked in the closing days of the presidential race.
In response to the AP's reporting, the Democratic National Committee issued a statement Thursday saying the evidence that Russia had interfered in the election was "irrefutable."
Fancy Bear also tried to hack a swath of Ukrainian politicians, including Serhiy Leshchenko, who helped uncover the off-the-books payments allegedly made to Donald Trump campaign chairman Paul Manafort. Islamist rebels fighting the Russia-backed government of Syrian President Bashar Assad were targeted, too, as was Pussy Riot's Maria Alekhina.
Vasily Gatov, a U.S.-based Russian media analyst who was among those targeted by Fancy Bear, said the list provides a global context to the hack of the Democrats in early 2016.
"It complements the puzzle," said Gatov, who was initially skeptical of the idea that Russian intelligence had singled out the Democrats. "Now I'm convinced."
Allegations that Fancy Bear works for Russia aren't new. But raw data has been hard to come by. The U.S. intelligence community has made little proof available publicly.
The hit list made its way to AP after Secureworks stumbled upon a Bitly account being used by Fancy Bear to craft its malicious emails.
Over the course of its reporting, the AP found a direct line from Fancy Bear to the leaks that rocked the presidential contest in its final stages. All the Democrats whose private correspondence was published in the run-up to the election had previously been targeted by Fancy Bear either at their professional Gmail addresses or through the DNC, the AP found.
Even if only a fraction of the 4,700 Gmail accounts targeted by Fancy Bear were successfully hacked, the data drawn from them could run into terabytes — putting the operation in the same league as some of the largest leaks in journalistic history.
Merely identifying and sorting the targets took a team of six AP reporters eight weeks.
The AP's effort offers "a little feel for how much labour went into this" hacking endeavour, said Thomas Rid, a professor of strategic studies at Johns Hopkins University's School of Advanced International Studies.
He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of "someone sitting on their bed that weighs 400 pounds."
"The notion that it's just a lone hacker somewhere is utterly absurd," said Rid.