Chinese "threat actors" have hacked Microsoft's SharePoint document software servers and targeted the data of the businesses using it, the firm has said.
China state-backed Linen Typhoon and Violet Typhoon as well as China-based Storm-2603 were said to have "exploited vulnerabilities" in on-premises SharePoint servers, the kind used by firms, but not in its cloud-based service.
The US tech giant has released security updates in response and has advised all on-premises SharePoint server customers to install them.
"Investigations into other actors also using these exploits are still ongoing," Microsoft said in a statement.