Microsoft on Wednesday disclosed it had discovered hacking targeting democratic institutions, think tanks and non-profit organizations in Europe.
The attacks targeted employees of the German Council on Foreign Relations, The Aspen Institutes in Europe and The German Marshall Fund, Microsoft said. The attacks against these organizations targeted 104 accounts belonging to organization employees located in Belgium, France, Germany, Poland, Romania, and Serbia.
Microsoft says it continues to investigate the sources of these attacks, but is confident that many of them originated from a group the company calls Strontium. The attacks occurred between September and December 2018. Microsoft notified each of these organizations when it discovered they were targeted so they could take steps to secure their systems.
Strontium, one of the world’s oldest cyber espionage groups, has also been called APT 28, Fancy Bear, Sofacy and Pawn Storm by a range of security firms and government officials. Security firm CrowdStrike has said the group may be associated with the Russian military intelligence agency GRU.
Consistent with campaigns against similar U.S.-based institutions, attackers in most cases create malicious URLs and spoofed email addresses that look legitimate. These spearphishing campaigns aim to gain access to employee credentials and deliver malware.
Microsoft said it will expand its cyber security service AccountGuard to 12 new markets in Europe, including Germany, France and Spain, to help customers secure their accounts.
The AccountGuard service will also be available in Sweden, Denmark, the Netherlands, Finland, Estonia, Latvia, Lithuania, Portugal and Slovakia.