The compromise of a Microsoft engineer’s account was just one of several factors that allowed threat group Storm-0558 to steal a cryptographic signing key and access U.S. government accounts.
Article Link: Multiple Microsoft failings enabled email hacks by Chinese APT group | SC Media