The company found that two state-sponsored hacking groups, APT28 and Sandworm, used spear phishing — the practice of sending out emails designed to look like they're from a trusted party — in an attempt to obtain government information.
FireEye said European government institutions were sent emails with links to websites that appeared to be authentic, luring a person into changing their password and thus sharing their credentials with hackers.
APT28, more popularly known as Fancy Bear, is believed to be linked to Russian military intelligence agency GRU and has been labeled as one of the malicious actors behind the 2016 Democratic National Convention hack.
Sandworm, meanwhile, has also been tied to Russia, and is believed to have been behind the NotPetya ransomware attacks last year which targeted mainly Ukrainian institutions.
The spying efforts of the two hacking groups appeared to be coordinated, but the tools used by both differed, FireEye said. The company said it noticed a "significant increase" in activity from the groups in mid-2018 and that the cyberespionage campaign is ongoing.
"The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections," Benjamin Read, senior manager of cyberespionage analysis at FireEye, said in a statement Thursday.