Microsoft warned that Chinese state-sponsored hackers are among those exploiting flaws in its SharePoint software to break into institutions globally, with the U.S. agency responsible for designing nuclear weapons now among those breached.

In a blog post, the tech giant identified two groups supported by the Chinese government, Linen Typhoon and Violet Typhoon, as leveraging flaws in the document-sharing software that rendered customers who run it on their own networks, as opposed to in the cloud, vulnerable. Another hacking group based in China, which Microsoft calls Storm-2603, also exploited them, according to the blog.

The number of companies and agencies subjected to breaches as a result of these exploits is meanwhile mounting: Hackers have used the SharePoint flaws to break into the U.S. National Nuclear Security Administration, according to a person with knowledge of the matter who wasn’t authorized to speak publicly. Bloomberg also reported Monday that systems belonging to the U.S. Education Department, Florida’s Department of Revenue and the Island General Assembly were compromised.