According to cybersecurity researchers, at least two threat groups have spent months taking advantage of a previously undisclosed vulnerability in US virtual private networking (VPN) devices, exploiting the flaw to spy on the US defense industry. Cybersecurity researchers at Ivanti stated that hackers took advantage of the flaw in its Pule Connect Secure suite to break into the systems of a limited amount of customers. A patch for the flaw will likely not come until early May.

Ivanti did not indicate who was behind the espionage campaign, however, FireEye researchers claim that at least one of the hacking groups is backed by the Chinese government. The other, according to researchers, is suspected to have ties to China-based initiatives. FireEye made the connections after conducting a review of the hackers’ tools, tactics, targets, and infrastructure.

Read More: China-linked hackers used VPN flaw to target U.S. defense industry -researchers