Multiple attack groups are exploiting the critical Microsoft Exchange Server vulnerabilities patched last week – and the growing wave of global activity began before Microsoft released emergency fixes on March 2.

Security firms including Red Canary and FireEye are now tracking the exploit activity in clusters and anticipate the number of clusters will grow over time. ESET researchers have detected at least ten APT groups using the critical flaws to target Exchange servers.