Writing in its blog, Vole said the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software and was the work of a group it dubs HAFNIUM, which it described as a state-sponsored entity operating out of China.
In a separate blog post, cyber security firm Volexity said that in January it had seen the hackers use one of the vulnerabilities to remotely steal "the full contents of several user mailboxes". All they needed to know were the details of the Exchange server and of the account they wanted to pillage, Vole said.
China has denied it, of course, and says the concept of Chinese spies attacking western targets amounts to groundless guesses and accusations.
However, the hackers' increasingly aggressive moves began to attract attention across the cybersecurity community.
Mike McLellan, director of intelligence for Dell Technologies Inc's Secureworks, said ahead of the Microsoft announcement that he had noticed a sudden spike in activity touching Exchange servers overnight on Sunday, with around 10 customers affected at his firm.
McLellan said that for now, the hacking activity he had seen appeared focused on seeding malicious software and setting the stage for a potentially more profound intrusion rather than aggressively moving into networks right away.
"We haven't seen any follow-on activity yet", he said. "We're going to find a lot of companies affected, but a smaller number of companies exploited."
Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and non-governmental groups.