A series of unfortunate events allowed the China-backed adversary, which Microsoft tracks as Storm-0558, to gain ‘lawful’ access to the Exchange Online and Azure Active Directory (now called Microsoft Entra ID) accounts of 25 organizations.