The firm said a group it calls Strontium was behind the attacks, known to
security firms and government agencies as Fancy Bear or APT28 and widely believed to be linked to Russian intelligence.
“At Microsoft, we've seen recent activity targeting democratic institutions in Europe,” security chief Tom Burt wrote in a blog post.
“Attacks are not limited to campaigns themselves but often extend to think
tanks and non-profit organizations working on topics related to democracy, electoral integrity and public policy and that are often in contact with government officials,” he added.
APT28 has previously targeted the German parliament, or Bundestag, including in the summer of 2017 before countrywide elections.
Among others, Microsoft found the hackers targeted 104 employee accounts from well-known groups the German Council on Foreign Relations, the Aspen Institutes in Europe and the German Marshall Fund (GMF) between September and December 2018.
The hackers deployed so-called “spearphishing” tactics — using targeted
fake emails or websites to try and harvest workers' credentials and gain access to computer systems.
Among the targets were employees based in EU members Belgium, France, Germany, Poland and Romania as well as non-member Serbia.
“Organizations and individuals need to be aware and prepared that malign forces, including sophisticated state actors, seek to exploit them in the digital space,” GMF president Karen Donfried said in a blog post.
“It is more important than ever that we be vigilant to protect our democracies from foreign interference, including online.”
The Old Continent faces a string of votes in the coming months, including
European Parliament elections in May, parliamentary polls in Estonia, Finland and Belgium and presidential ballots in Slovakia, Ukraine and Lithuania.
“It is highly likely that foreign powers will target many of these elections,” former NATO secretary-general and Danish prime minister Anders Fogh Rasmussen warned last week at the Munich Security conference
Attacks could come “either by breaking into electoral systems, covertly supporting candidates or in getting toxic news in traditional and online media,” he added.
Former US vice president Joe Biden backed Rasmussen in warning of “cyber attacks, dark money influence operations and disinformation” used by “Russian but also other actors”.