Written by Patrick Howell O'Neill

The U.S. National Security Agency tracked Russian hackers working against French political targets and then alerted French authorities prior to the “massive and coordinated hack” against the campaign of President-elect Emmanuel Macron, the NSA’s chief said Tuesday.

Macron won convincingly even though the hack resulted in a massive email dump about a day before French voters headed to the polls, but upcoming crucial elections across Europe have raised alert levels for Western intelligence agencies tasked with fighting Russian interference.

Adm. Michael Rogers, who leads both the U.S. Cyber Command and the NSA, testified before the Senate Armed Services Committee on Tuesday. He was asked about the United States’ role in protecting elections inside and outside of U.S. borders.

“We had become aware of Russian activity,” Rogers said. “We had talked to our French counterparts prior to the public announcements of the events that were publicly attributed this past weekend. We said, ‘Look we are watching the Russians, we’ve seen them penetrate your infrastructure, here’s what we’ve seen, what can we do to try to assist?’ We’re doing similar things with our German and British counterparts, they have an upcoming election sequence. We’re all trying to figure out how we can learn from each other. That’s much more my NSA role than my Cyber Command role.”

The three biggest European elections remaining this year are French legislative contests on June 11 and 18, United Kingdom’s general election on June 8 and the German federal election on Sept. 24.

Experts both inside and outside of government expect continued Russian action in the cyber domain. In addition to escalating American information warfare and hardening critical systems, Rogers said one key aspect of defense is to make Russia and other hostile actors face significant consequences for attacks. He did not specify exactly what that would mean.

“If this is APT28, then they have not abandoned this tool,” John Hultquist, a senior analyst at the cybersecurity firm FireEye, told CyberScoop. “We can anticipate they’ll continue to use it until the consequences for these actions are greater.”