Microsoft and CISA disclosed a security incident and attributed it to the Chinese threat group Storm-0558. The threat actors stole a Microsoft consumer signing key, which was initially thought to have provided them with access to Exchange Online and Outlook.com.
Source: Heimdal Security Blog