Both Microsoft and cybersecurity firm Mandiant observed hacking groups linked to China and Iran launching attacks that exploit the flaw in Log4j, a free bit of code that logs activity in computer networks and applications.
Microsoft also saw nation-backed hackers from North Korea and Turkey using the attack. Some attackers appear to be experimenting with the attack; others using it to break into online targets.
Government-sponsored hackers are often among the best-resourced and most capable, analysts say.
One of the groups exploiting the security hole in Log4j is the same China-backed group linked to a widespread attack on Microsoft Exchange servers earlier this year.
Researchers find the Log4j flaw particularly worrying because the free Java-based software exists in everything from security software to networking tools to video game servers.
