In a blog post Tuesday, Microsoft said it observed hackers attempting to “gain initial access to target organizations.” According to Microsoft, those involved included hacking groups called Linen Typhoon and Violet Typhoon—which Microsoft said are linked to the Chinese government—and China-based group Storm-2603.

Some of the attacks that targeted organizations using an exploit in Microsoft’s SharePoint server platform over the last few days have been linked to hacking groups affiliated with the Chinese government, according to a new Microsoft security blog .

A China-linked threat actor has been observed exploiting SharePoint servers to deliver ransomware, according to Microsoft researchers, in the latest sign of worsening attacks against on-premises SharePoint Server customers.