Researchers say Chinese actors, along with other criminal hackers, exploited a security flaw in SharePoint software widely used by governments and businesses.

The hackers behind the initial wave of attacks exploiting a zero-day in Microsoft SharePoint servers have so far primarily targeted government organizations, according to researchers as well as news reports.

Among the attackers now actively exploiting vulnerable on-premises Microsoft SharePoint servers, at least one has shown indications of originating from China, according to the assessment of researchers at Google Cloud-owned Mandiant.

Microsoft ( NASDAQ: MSFT) is warning of “active attacks” targeting its SharePoint server software, used widely by government agencies and businesses to share documents internally.