Last year, the Department of Homeland Security released a scathing report detailing Microsoft’s mistakes during a 2023 hack in which China stole thousands of emails from top government officials. Two years before that, China-linked cyberattackers compromised more than 250,000 Microsoft Exchange servers.

Microsoft said in a post on its website on Saturday that it was “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities.” SharePoint is a Microsoft platform that allows customers to manage and share documents within their organizations.

Microsoft has issued a stark warning about a recent cyberattack targeting critical infrastructure, including the U.S. National Nuclear Security Administration (NNSA), exposing vulnerabilities in its SharePoint software.

South Africa’s National Treasury is among at least 400 entities worldwide to be affected by a hack of Microsoft’s SharePoint document management system.

The zero-day vulnerability — which was first disclosed late Saturday — has been exploited by several Chinese state-aligned groups, according to Microsoft.

While the hack doesn't pose the kind of national security threat as the more sophisticated SolarWinds campaign , it can be an existential threat for victims who didn't install the patch in time.

The company said state-backed hacking groups were breaching systems through flaws in SharePoint, which is used by the U.S. government and companies around the world.