Information may have been “compromised in four cases,” the Federal Office for Information Security (BSI) said, without specifying which institutions were affected.

The BSI published a first security warning on Friday, saying “organizations of all sizes” were affected by the breach.

Microsoft was already made aware of the vulnerabilities in Exchange Server software by information technology security researchers in January. The US software giant then began to develop an update for its email programme.

Last week, Microsoft said the attacks came from a “state-sponsored threat actor” operating from China.

According to experts, German companies are affected by this Microsoft Exchange vulnerability more than other countries because they themselves operate Exchange in-house or in rented data centres.

The vulnerabilities do not exist in cloud versions of Microsoft’s email service.

In cases in which the attack was successful, the hackers were able to install their own control software on the servers and direct them remotely.