Some of the attacks that targeted organizations using an exploit in Microsoft’s SharePoint server platform over the last few days have been linked to hacking groups affiliated with the Chinese government, according to a new Microsoft security blog. “As of this writing, Microsoft has observed two named Chinese nation-state actors, Linen Typhoon and Violet Typhoon, exploiting these vulnerabilities targeting internet-facing SharePoint servers,” Microsoft said on Tuesday. The Washington Post reports that anonymous sources working on the SharePoint intrusions said they’ve also identified that some attacks were connected to IP addresses inside China. Microsoft released a patch update for SharePoint 2016 servers on Tuesday morning, and it has now patched all versions of SharePoint that are impacted by the zero-day exploit. Microsoft’s update says it has assessed “with high confidence” that threat actors will continue using it to attack unpatched server systems now that it’s widely known.