Microsoft warned that nation-state sponsored hackers from Russia, China, and Iran have attacked hundreds of organizations and individuals associated with U.S. President Donald Trump’s reelection campaign and Democratic candidate Joe Biden’s presidential campaign.

Security tools built into Microsoft products detected and stopped “the majority” of these attacks, said Tom Burt, Microsoft’s corporate VP for customer security and trust. “We have directly notified those who were targeted or compromised so they can take action to protect themselves,” he wrote in a blog post.

Microsoft Alerts Biden Campaign

Strontium, a Russian group better known as Fancy Bear, has attacked more than 200 organizations including political campaigns, advocacy groups, parties, and political consultants, according to Microsoft. This is the same group that carried out the attacks on Democratic candidate Hillary Clinton’s campaign in 2016. “Similar to what we observed in 2016, Strontium is launching campaigns to harvest people’s log-in credentials or compromise their accounts, presumably to aid in intelligence gathering or disruption operations,” Burt wrote.

Microsoft says Fancy Bear targeted U.S. political consultants working with Republicans and Democrats, but it doesn’t name any specific firms. However, Reuters reports that Microsoft alerted one of the Biden campaign’s main advisors, Washington-based SKDKnickerbocker, about the attempted attacks. The hackers did not gain access to the firm’s networks, Reuters said, citing a person familiar with SKDK’s response.

Two other state-sponsored hacking groups, China’s Zirconium and Iran’s Phosphorus, have also attempted hundreds of attacks against both the Biden and Trump campaigns, according to Microsoft.

Microsoft Detects ‘Thousands’ of Attacks From APT 31

Zirconium, which most threat researchers call APT 31, has tried to spy on organizations and people associated with the U.S. presidential election and candidates. Microsoft detected thousands of attacks from this group between March and September, resulting in almost 150 compromises.

“It appears to have indirectly and unsuccessfully targeted the Joe Biden for President campaign through non-campaign email accounts belonging to people affiliated with the campaign,” Burt wrote. “The group has also targeted at least one prominent individual formerly associated with the Trump Administration.”

Meanwhile, Iran-based Phosphorus, also known as APT 35 or Charming Kitten, has attacked the personal accounts of people associated with the Trump campaign. Last year, Microsoft won a restraining order to take control of Phosphorus’ infrastructure and domains the group used to target presidential campaigns. And just last month a federal court in Washington, D.C. gave Microsoft permission to take control of 25 new internet domains used by Phosphorus. “To date, we have used this method to take control of 155 Phosphorus domains,” Burt wrote.

Threat Researchers Sound Alarms

Microsoft’s announcement follows months of stark warnings by threat hunters and security professionals that foreign governments will again try to interfere in the U.S. presidential election. In addition to direct attacks against organizations and individuals close to the campaigns, this includes spreading disinformation via social media channels. “State actors … can turn the social web into a vast propaganda and disinformation machine,” said Renée DiResta, research manager at Stanford Internet Observatory, in her Black Hat keynote.

And during a recent election security tabletop exercise, ethical hackers demonstrated how easy it is to sow chaos, spread disinformation, and essentially grind democracy to a halt. Cybereason hosted the exercise. “These are extremely cheap attacks,” Cybereason CTO Yonatan Striem Amit said. “Nation states easily have resources to use them,” as do other less organized groups that just want to create chaos. “Everything we have done is in the realm of easily doable right now.”