Mandiant says a Chinese cyberespionage group has been exploiting the critical-rated vulnerability since at least mid-December.