The world’s largest software maker is warning that China-based nation state threat actors are taking advantage of a one-year-old law to “stockpile” zero-days for use in sustained malware attacks.

According to a new report released Friday by Microsoft, China’s government hacking groups have become “particularly proficient at discovering and developing zero-day exploits” after strict mandates around early vulnerability disclosure went into effect.

Microsoft made a direct connection between China’s vulnerability reporting regulation that went into effect September 2021 and a surge in zero-day attacks documented over the last two years.