Cisco and Citrix both told Reuters that they have patched the vulnerabilities that were being exploited by APT41. Citrix is also coordinating with FireEye to find “potential compromises.” Reuters reached out to Dell Technologies’ cybersecurity arm, Secureworks, which stated that the company has also seen increased activity from Chinese hackers “over the last few weeks.”

Chinese government contractors carrying out cyber attacks is nothing new, but the scope of these current initiatives is concerning. Companies in about 20 countries are being targeted, and APT41 is carrying out subsequent attacks frequently: “This activity is one of the most widespread campaigns we have seen from China-nexus espionage actors in recent years,” says FireEye. “This new activity from this group shows how resourceful and how quickly they can leverage newly disclosed vulnerabilities to their advantage.” Whether the attackers are purposely taking advantage of a reduced cybersecurity workforce during the coronavirus pandemic or the timing is just a coincidence remains to be determined.

Both groups have previously been linked to Russia. APT28 was allegedly behind the 2016 Democratic National Convention hack, while Sandworm is believed to be the malicious actor involved in last year’s NotPetya ransomware attacks on mainly Ukrainian facilities. FireEye says that latest efforts of both groups appears to be co-ordinated — although each have used different methods — and that their campaign is ongoing. The company did not confirm whether any sensitive data had been leaked.

In a statement, FireEye’s senior manager of cyberespionage analysis, Benjamin Read, said that, “The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections.”

Up to 300 million citizens across the EU are set to vote in European parliamentary elections this May, the outcome ultimately determining the future of peace in Europe. Hacking efforts by hostile parties could seriously undermine this. While FireEye says it’s notified the affected institutions and is advising them on future action, this isn’t the first attempt by Russia to sway the voting process — Microsoft made a similar announcement last month. Given the extremely tenuous political situation across the world right now, it’s unlikely to be the last, either.