China’s Breach of Microsoft Cloud Email May Expose Deeper Problems | WIRED:

On July 11, Microsoft revealed that a Chinese hacking group it calls Storm-0558 was able to access the email systems of US government agencies, potentially compromising hundreds of thousands of emails. Since then, details of the incident have started to emerge—including reports claiming that the email account of the US ambassador to China and other senior officials were breached. The attackers were able to access the email accounts, according to Microsoft and the US State Department, using a private signing key they had acquired and were using to generate access tokens for the accounts.