The breach is said to have been detected a month later on June 16, 2023, after an unidentified customer reported the anomalous email activity to the company.

Microsoft said it notified all targeted or compromised organizations directly via their tenant admins. It did not name the organizations and agencies affected and the number of accounts that may have been hacked.

However, according to the Washington Post, the attackers also broke into a number of unclassified U.S. email accounts.

The access to customer email accounts, per Redmond, was facilitated through Outlook Web Access in Exchange Online (OWA) and Outlook.com by forging authentication tokens.

"The actor used an acquired MSA key to forge tokens to access OWA and Outlook.com," it explained. "MSA (consumer) keys and Azure AD (enterprise) keys are issued and managed from separate systems and should only be valid for their respective systems."

"The actor exploited a token validation issue to impersonate Azure AD users and gain access to enterprise mail."