The effort by the notorious APT28 hacking group, which has been publicly linked to a Russian intelligence agency and actively interfered in the 2016 presidential election, underscores the aggressive role Russian operatives are playing ahead of the midterm congressional elections in the United States. U.S. officials have repeatedly warned that the November vote is a major focus for interference efforts. Microsoft said the sites were created over the past several months but did not go into more specifics.

Microsoft’s Digital Crimes Unit took the lead role in finding and disabling the sites, and the company is launching an effort to provide expanded cybersecurity protection for campaigns and election agencies that use Microsoft products.

Among those targeted were the Hudson Institute, a conservative Washington think tank active in investigations of corruption in Russia, and the International Republican Institute (IRI), a nonprofit group that promotes democracy worldwide. Three other Fake sites were crafted to appear as though they were affiliated with the Senate, and one nonpolitical site spoofed Microsoft’s own online products.

The Senate did not immediately respond to requests for comment late Monday.

Microsoft said Monday that it had found no evidence that the fake sites it recently discovered were used in attacks, but fake sites can carry malware that automatically loads onto the computers of unsuspecting visitors. Hackers often send out deceptive “spear-phishing” emails to trick people into visiting sites that appear to be authentic but in fact allow the attackers to penetrate and gain control of computers that log on, allowing the theft of emails, documents, contact lists and other information.