Microsoft's Tom Burt explained that the attacks originate from a group that it has code-named Strontium, better known as Fancy Bear / APT28. In a blog post, the executive wrote that Microsoft has identified hacks directed at think tanks, non-profits and bodies that monitor electoral integrity. Employees of the German Council on Foreign Relations, The Aspen Institute and the German Marshall Fund were all targeted.
Fancy Bear is alleged to have gone after 104 individuals across six countries between September and December 2018. The hackers used spearphishing to try and get account details handed over, creating malicious URLs and spoofed, legitimate-looking email addresses. This is the same modus operandi that was identified in both the 2017 French presidential elections and hacks in the US.
Microsoft has worked with the bodies affected to help mitigate their risk, and has rolled out its AccountGuard security service to more European countries. But it's likely that attacks from both Fancy Bear and other hacking groups will continue to run during this, and many more, election campaigns.