The first batch of emails sent on March 10th, 2016 were made to look like they came from Google and encouraged recipients to boost their security by changing passwords, but redirected to a site the hackers controlled. They proceeded to break into accounts some staffers hadn't used in almost a decade, indicating a serious brute force crawling of the internet. Those revealed contact lists for private emails of Clinton campaign staffers. By the second email barrage on March 11th, the hackers had found addresses for and sent phishing emails to high-value targets like Clinton aide Robert Russo and campaign chairman John Podesta.
Those personal emails seemed to be key. The hackers ran into resistance when they tried to attack the Clinton campaign's designated hillaryclinton.com email accounts, which were protected by two-factor authentication. But through persistence, they worked up the chain. On March 19th, according to documents previously published on Wikileaks, the hackers sent Podesta an email with a malicious link that was clicked on shortly thereafter, giving them access to at least 50,000 of his messages.
The phishing attempts continued through March, but the FBI started getting suspicious by the end of the month. Cybersecurity agency Secureworks, which had been tracking the suspected Russia-supported hacker collective Fancy Bear, caught on to who they were targeting and alerted authorities. By early April, Fancy Bear had moved on from campaign and DNC Democrats to target others. They particularly focused on vote security officials, including the DNC's former director of voter protection, whose personal account the group tried to break into many times since 2015.
By later April, the DNC had realized there had been a serious compromise of their security. The Trump campaign had gotten some information that it happened, as a Russian government-connected professor told former Trump foreign policy advisor George Papadopoulos on April 26th that the Kremlin had gotten dirt on Clinton. Then-chief executive of the DNC Amy Dacey was informed of the breach at the end of April, and on June 10th, a super-secret all-hands meeting told staffers about the breach.
Days later, after a cybersecurity firm cleaned the DNC staff's computers and devices, Julian Assange announced on British television that Wikileaks would publish Clinton's emails soon. The DNC publicly accused Fancy Bear as a Russian-backed group that broke into their systems. Days after that, the hacker Guccifer 2.0 first contacted news site The Smoking Gun. By the AP's count, Guccifer, Wikileaks and DCLeaks published over 150,000 emails taken from more than a dozen Democrats, all of whom had been phished at their personal or professional email accounts by Fancy Bear. And then, in October, Podesta's emails were released -- as the AP notes, on the same day that the audio tape was released wherein Trump brags about sexually harassing women.