Microsoft said a group of hackers based in China managed to gain access to the email accounts of at least 25 organizations, including several government agencies and individuals associated with those agencies.
The hacks began on May 15 and went unnoticed until June 16.
While Microsoft did not name any of the affected agencies, the Cybersecurity and Infrastructure Security Agency confirmed that a Federal Civilian Executive Branch agency was breached by the hacking group.
CISA said that the hackers gained access to a "small number of accounts" by using "a Microsoft account (MSA) consumer key to forge tokens to impersonate consumer and enterprise users."
Microsoft fixed the issue and said the hackers no longer have access to the email accounts.
"Our telemetry indicates that we have successfully blocked Storm-0558 from accessing customer email using forged authentication tokens. No customer action is required," Microsoft wrote in a blog post about the incursions.
Microsoft did not say how many email accounts were compromised or how much data the hackers managed to obtain. In the case of the executive branch agency that was breached, Microsoft said that the data stolen by the hackers was unclassified.