Hackers linked to the Russian government stole research files on Donald Trump from the Democratic National Committee, according to a US firm investigating the breach.

Some of the hackers had been lurking in the systems since at least last summer, well before Trump sealed the Republican nomination, but only recently exfiltrated the Democratic party’s cache of files on Trump’s business dealings and past political statements, investigators said.

Political parties normally use such files for attack ads and leaking story ideas to journalists, while spy agencies typically maintain dossiers on world leaders to better understand their thinking and habits. The Washington Post previously reported on the breach on Tuesday.

“Everyone around the world is trying to figure out, ‘Who is Mr Trump?’” said Dmitri Alperovitch, chief technology officer of Crowdstrike, the cybersecurity firm the DNC hired to investigate the breach. “What is his foreign policy going to be? What is it going to be in relation to Russia? He’s said some complimentary things about Putin. How real is that?”

Crowdstrike said it actually found two different hacking groups going after the Trump files. The company believes the hackers that got in last summer might be linked to Russia’s federal security service, known as FSB, while another team that got into the system in April are probably linked to Russian military intelligence.

Crowdstrike spent the weekend removing the hackers from the party’s computers. Neither the Russian embassy nor the DNC responded immediately to a request for comment.

Following high-profile data breaches, companies such as Crowdstrike act as part IT guy, part private intelligence service. The victims hire them to clean up the mess and get computers working again. But they also try to figure out who was behind the hack.

Crowdstrike, staffed by people who have worked either for or close to the US government, has a particular specialty in tracking what many believe are hacking teams for the Russian and Chinese governments. However, making such determinations from the US is often a mix of forensic evidence, government sources and unprovable hunches.

Some of the hackers found inside the DNC’s machines have previously been linked to espionage campaigns against Nato and Germany’s Bundestag.

Foreign cyberspies have a long history of targeting America’s political campaigns. China, for instance, was accused of hacking Barack Obama’s and John McCain’s presidential campaigns during the 2008 US election. US spies regularly target national party systems in China, Russia and other countries.

But in this case, it’s not clear the DNC would have too much of an issue with people stealing its Trump files. Parties ostensibly gather and maintain opposition research for the purpose of spreading negative stories. Crowdstrike’s Alperovitch said there was no evidence of any other data being taken from the party.

It’s less clear what Trump will make of the breach. In the past he has boasted that President Vladimir Putin of Russia has called him “bright and talented”. Trump has also praised Putin as a “strong leader. He’s a powerful leader.”

The presumptive GOP nominee had not posted on Twitter about the breach as of Tuesday afternoon.

But it certainly adds another surreal element to an already bizarre election.

When reporters asked Senator Lindsey Graham, who briefly ran against Trump in the GOP primary this year, about the incident, he responded with: “Are you making that shit up?”