A vulnerability in Microsoft's Exchange email system allowed threat actors with ties to China to steal about 60,000 emails from the US State Department.
The accounts of State Department personnel that were compromised were mostly used for diplomatic operations in the Indo-Pacific, and the hackers also obtained a list of all the department's correspondence.
Approximately 60,000 unclassified emails were exfiltrated as a result of that breach. No, confidential systems weren't violated. These concerned only the unclassified system.
The threat actors employed forged authentication credentials to access user email accounts via Outlook Web Access in Exchange Online (OWA) and Outlook.com, according to Microsoft researchers.
Source: https://securityaffairs.com/151685/hacking/u-s-state-department-stolen-emails.html
"id": "MIC01021023",
"linkid": "microsoft",
"type": "Breach",
"date": "09/2023",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"