Microsoft Corp. has accused Chinese state-sponsored hackers of exploiting vulnerabilities in its SharePoint document management software to carry out a global cyber-espionage campaign targeting businesses and government agencies.

In a blog post published Tuesday, Microsoft identified two China-backed groups—Linen Typhoon and Violet Typhoon—as responsible for leveraging flaws in on-premises versions of SharePoint.

A third China-based group, dubbed Storm-2603, was also found to have exploited the same vulnerabilities.

“Investigations into other actors also using these exploits is still ongoing,” Microsoft said. “With the rapid adoption of these exploits, Microsoft assesses with high confidence that threat actors will continue to integrate them into their attacks.”

Cybersecurity researchers have also reported that multiple hacking groups have been exploiting the vulnerabilities in Microsoft’s widely used SharePoint software, with some indicating that Chinese-linked actors are likely among those responsible.

Hackers have already exploited the SharePoint flaw to breach the systems of national governments in Europe and the Middle East, according to a person familiar with the matter.

In the United States, they have also accessed government networks, including those of the Department of Education, Florida’s Department of Revenue, and the Rhode Island General Assembly, the person said, requesting anonymity due to the sensitivity of the information.

The nature of the targets, attack techniques, and early indicators all point to Chinese state-sponsored espionage, according to Eugenio Benincasa, a researcher at ETH Zurich who specializes in analyzing cyber operations linked to China.

Security firm Eye Security reported detecting breaches on over 100 servers tied to 60 victims, including energy companies, consulting firms, and universities.

The affected organizations span several countries, including Saudi Arabia, Vietnam, Oman, and the United Arab Emirates.