Hackers are exploiting recently discovered vulnerabilities in Exchange email servers to drop ransomware, Microsoft has warned, a move that puts tens of thousands of email servers at risk of destructive attacks.

In a tweet late Thursday, the tech giant said it had detected the new kind of file-encrypting malware called DoejoCrypt — or DearCry — which uses the same four vulnerabilities that Microsoft linked to a new China-backed hacking group called Hafnium.

When chained together, the vulnerabilities allow a hacker to take full control of a vulnerable system.

Microsoft said Hafnium was the “primary” group exploiting these flaws, likely for espionage and intelligence gathering. But other security firms say they’ve seen other hacking groups exploit the same flaws. ESET said at least 10 groups are actively compromising Exchange servers.

Michael Gillespie, a ransomware expert who develops ransomware decryption tools, said many vulnerable Exchange servers in the U.S., Canada, and Australia had been infected with DearCry.