Other
Storm-0558 Microsoft Exchange Online hack: US State Department and 22 organisations
Primary Source
Incident Details
Storm-0558, a Chinese state-sponsored threat actor (attributed to the MSS), acquired a Microsoft MSA consumer token-signing key (the method of acquisition was still unclear as of the CSRB review) and used it to forge authentication tokens that granted access to Exchange Online mailboxes at 22 organisations and more than 500 individual accounts worldwide. The forged tokens were accepted by enterprise (Azure AD) endpoints because Microsoft's token validation did not restrict the consumer key to consumer tokens. The attack began on 15 May 2023. The US State Department discovered the intrusion on 15 June 2023 through anomaly detection and alerted Microsoft. Approximately 60,000 State Department emails were downloaded, and the mailbox of US Commerce Secretary Gina Raimondo was also compromised. The CSRB review (March 2024) concluded the breach was 'entirely preventable' and cited a 'cascade of Microsoft security failures'. This incident is separate from the November 2023 Midnight Blizzard (Cozy Bear) attack on Microsoft.
Technical Details
- Initial Attack Vector
- CWE-287: Improper Authentication (authentication tokens forged with a stolen Microsoft MSA consumer signing key; the key was accepted for both consumer and enterprise tokens, so the forged tokens worked against Exchange Online accounts in enterprise and personal tenants)
- Vendor / Product
- Microsoft Exchange Online / Microsoft Azure AD (Entra ID)
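The failure class behind this entry is a relying party that trusts a signing key outside the trust boundary it was issued for. The following is an added illustration, not Microsoft's code or any reconstruction of it: a toy JWT-style validator using HMAC-SHA256 (real identity services use asymmetric keys, but the key-scoping logic is identical). All key material, key ids (`msa-2016`, `aad-2023`), issuer URLs and timestamps are constructed for the example. `validate_vulnerable` looks the token's `kid` up in one merged key set, so a key stolen from the consumer realm signs valid enterprise tokens; `validate_hardened` resolves the key only from the key set belonging to the issuer the relying party expects, and also enforces the key's own validity window, so an un-rotated key is rejected even for its proper realm.

```python
"""Toy model of cross-realm signing-key misuse (added example, not vendor code).

Two identity realms each own their signing keys. A relying party that merges
the key sets and trusts any kid it finds lets a consumer key forge enterprise
tokens. All keys, kids, issuers and times below are constructed.
"""
import base64
import hashlib
import hmac
import json


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


# Hypothetical keys: each bound to one realm and carrying its own expiry,
# independent of the `exp` claim on any token it signs.
KEYS = {
    "consumer": {  # MSA-style consumer identity service
        "msa-2016": {"secret": b"consumer-key-material", "not_after": 1609459200},  # 2021-01-01
    },
    "enterprise": {  # Azure AD / Entra-style enterprise identity service
        "aad-2023": {"secret": b"enterprise-key-material", "not_after": 1735689600},  # 2025-01-01
    },
}
ISSUERS = {
    "consumer": "https://login.consumer.example",
    "enterprise": "https://login.enterprise.example",
}


def sign_token(kid: str, secret: bytes, claims: dict) -> str:
    """Produce header.payload.signature with HS256 over the first two segments."""
    header = {"alg": "HS256", "kid": kid}
    signing_input = f"{_b64(json.dumps(header).encode())}.{_b64(json.dumps(claims).encode())}"
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_b64(sig)}"


def _split(token: str):
    h, p, s = token.split(".")
    return json.loads(_unb64(h)), json.loads(_unb64(p)), _unb64(s), f"{h}.{p}"


def validate_vulnerable(token: str, expected_aud: str, now: int) -> bool:
    """Weak: one merged key set, so any trusted key may sign for any issuer."""
    header, claims, sig, signing_input = _split(token)
    merged = {kid: k for keyset in KEYS.values() for kid, k in keyset.items()}
    key = merged.get(header.get("kid"))
    if key is None:
        return False
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    # Signature, audience and token expiry are checked; key realm and key expiry are not.
    return bool(hmac.compare_digest(sig, expected)
                and claims.get("aud") == expected_aud
                and claims.get("exp", 0) > now)


def validate_hardened(token: str, expected_issuer: str, expected_aud: str, now: int) -> bool:
    """Hardened: key resolved only from the expected issuer's realm, key expiry enforced."""
    header, claims, sig, signing_input = _split(token)
    realm = next((r for r, url in ISSUERS.items() if url == expected_issuer), None)
    key = KEYS.get(realm, {}).get(header.get("kid"))
    if key is None or now > key["not_after"]:
        return False  # unknown kid for this realm, or the signing key itself is past its life
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return False
    return bool(claims.get("iss") == expected_issuer
                and claims.get("aud") == expected_aud
                and claims.get("exp", 0) > now)


def forged_enterprise_token(now: int) -> str:
    """Attacker holds only the consumer realm's key but asserts the enterprise issuer."""
    stolen = KEYS["consumer"]["msa-2016"]["secret"]
    claims = {"iss": ISSUERS["enterprise"], "aud": "exchange-online",
              "sub": "victim@agency.example", "exp": now + 3600}
    return sign_token("msa-2016", stolen, claims)


if __name__ == "__main__":
    NOW = 1684108800  # 2023-05-15, constructed reference time
    forged = forged_enterprise_token(NOW)
    print("vulnerable accepts forged token:", validate_vulnerable(forged, "exchange-online", NOW))
    print("hardened accepts forged token:  ", validate_hardened(forged, ISSUERS["enterprise"], "exchange-online", NOW))
```

The hardened path fails the forged token twice over: the consumer kid is not present in the enterprise realm's key set, and even a consumer-realm token signed with the same key is rejected because the key's own validity window ended before the reference time. Both checks correspond to controls the page's summary identifies as missing: scoping a key to the tokens it is allowed to sign, and retiring keys on schedule.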
Timeline
- 2023-05-15 Breach occurred
- 2023-07-11 Publicly disclosed
- 2023-07-11 Customers notified