As well as having similarities with the interference in Mr Macron's election campaign, the attacks used a phishing method similar to the hacks on the Democratic party that coloured last year's US election. Intelligence officials and cyber security researchers say Russia's secret services were behind those leaks.
Citizen Lab says the targets included Mikhail Kasyanov, a former Russian prime minister now in opposition; cabinet members, ambassadors and military officers from 28 countries; senior corporate executives; and journalists and activists in Russia.
"Of course, governments spy on journalists and read all their emails," said Eva Galperin, director of cyber security at the Electronic Frontier Foundation in San Francisco. "The notion that they should do all of this and make the contents public — with or without changes — is a fairly new thing from the last couple of years in Russian information tactics."
CyberBerkut, an ostensibly independent hacking group that the US and Germany have said is a Russian intelligence operation, posted emails from one of the victims, former US journalist David Satter, alongside fake documents alleging a US government plot to undermine Russia. The same site previously posted fakes added to hacked documents from the Open Society Foundations, billionaire George Soros' philanthropy arm.
The range of targets, as well as significant resources required to process the information, suggests the hackers were acting in Russia's interests, said Ron Deibert, director of the Citizen Lab.
"We have no conclusive evidence that links these operations to a particular Russian government agency; however, there is clear overlap between our evidence and that presented by numerous industry and government reports concerning Russian-affiliated threat actors," the organisation said.
Researchers discovered the attack while investigating a hack of Mr Satter, a prominent western critic of the Russian government. Hackers gained access to Mr Satter's email account when he clicked on a phishing link — the technique used in the attacks on the Democratic party.
Researchers compared the malicious link sent to Mr Satter with similar emails sent to Bellingcat, an open-source investigative journalism site.
ThreatConnect, a security firm, attributed them to APT 28, a group that US intelligence and security researchers say is a Russian intelligence operation behind hacks on the Democratic party, Mr Macron's campaign, the White House and Nato.
Researchers at the Citizen Lab identified patterns in the URLs to find that they had been sent to 198 other targets.
The documents that appeared on CyberBerkut's website included several forgeries, created by altering documents hacked from Mr Satter's emails. In the fake documents, Mr Satter, who advises an investigative journalism programme funded by the National Endowment for Democracy, was depicted as orchestrating a campaign to plant articles against Russian president Vladimir Putin in the Russian press.
Mr Satter believes the hack was aimed at discrediting Russia's opposition by association with him. "They're trying to create these bogeymen to link the opposition to undesirable people — me being the undesirable in this case," he said.