On March 2, Microsoft disclosed the vulnerabilities and blamed the zero-day attacks on a Chinese state-backed group called Hafnium. But experts told the Financial Times that criminal groups and other hacking outfits have been stampeding to attack victims before their networks are locked down. By March 8, the U.S. Cybersecurity and Infrastructure Agency had taken to Twitter warning “ALL organizations across ALL sectors to follow guidance to address the widespread domestic and international exploitation.”

The first prominent entity to acknowledge that it was compromised due to the Microsoft hack was the European Banking Authority, Europe’s banking watchdog. Others were likely to follow.

The White House has called on information technology pros to take extra precautions to be sure their networks had not been breached, as Reuters reports. “This is an active threat still developing, and we urge network operators to take it very seriously,” a Biden administration official said. The White House was reportedly setting up a task force in response to the attack.

According to the Associated Press, victims of the piggyback attacks run the gamut, including retailers, healthcare organizations, law firms and manufacturers. Many are small and mid-size businesses, reports Bloomberg.

An early estimate by cybersecurity blogger Brian Krebs put the toll at 30,000 U.S. victims. Dmitri Alperovitch, former chief technical officer of the cybersecurity firm CrowdStrike, put the global figure at roughly 250,000 victims.

Hackers have been exploiting four specific Microsoft Exchange vulnerabilities, as Gizmodo notes, and the software giant has posted patches on its website.

As Axios points out, while the Biden administration is already considering how to address Russia’s role in the SolarWinds attacks, now the White House faces another difficult decision on China.