Computer intruders targeting pro-Tibetan groups, U.S. defense contractors and government agencies slipped in through previously unknown security holes in Microsoft Office, prompting Microsoft to issue a flurry of patches to the popular software suite in 2006 and 2007, according to computer security experts.

These attacks, which appeared to have originated in China, began in early 2006 when the attackers started sending e-mails to victims with booby-trapped Word documents and Excel spreadsheets attached.

"We are seeing more and more spying done with Trojans, a shift that has happened in the last two years," Mikko Hyppönen, the chief research officer for software security vendor F-Secure, told RSA conference attendees Thursday morning.

The Pentagon and pro-Tibet groups have previously acknowledged the intrusions, but Hyppönen is the first to link the cyber espionage to a series of patches that Microsoft pushed out without explanation. Microsoft did not immediately reply to a request for comment.

Hyppönen's colleague Patrik Runald notes that from 2005 through early 2006, Microsoft issued few patches for its Office suite. But soon after there was an explosion of patches for critical bugs that could be used to infect a computer, including a record 26 patches in October, 2006, that fixed four critical bugs in Microsoft Office applications....