Security researchers say Microsoft customers should take immediate action to defend against the ongoing cyberattacks, and must assume they have already been compromised.

Active SharePoint exploits since July 7 target governments and tech firms globally, risking key theft and persistent access.

Hours after Microsoft revealed hacking groups affiliated with the Chinese government have been exploiting a flaw in its SharePoint software, Bloomberg News reports that the National Nuclear Security Administration has also been breached in the attacks.

Multiple hacking groups—including state actors from China—have targeted a vulnerability in older, on-premises versions of the file-sharing tool after a flawed attempt to patch it.

Officials in Indiana and Missouri said technologists remain watchful, but their states so far seem to have avoided compromise. The latter’s Office of Administration credited a layered security approach for helping deflect bad actors.

Security experts at Google and Microsoft have discovered that Chinese government-backed hackers are exploiting a serious flaw, known as a zero-day vulnerability, in Microsoft SharePoint, a tool used by many companies to store and share documents internally.

Microsoft has released a critical patch for a security flaw in its SharePoint software. Hackers actively exploited this vulnerability, targeting businesses and US government agencies. The company issued the fix between July 19 and 20.

A newly discovered vulnerability in Microsoft’s SharePoint platform has spurred a mad frenzy from hackers — leading to breaches of some Microsoft clients.