Microsoft says the cyber attack started the morning of Wednesday, November 14, 2018.
It came to thousands of users in the form of a phishing email that looked like it was a Microsoft OneDrive message from someone at the U.S. State Department:
The tech giant says it had the markings of a nation-state attack, and it was launched aggressively around the globe with many targets in the United States, as you see here:
Who was targeted in this phishing attack?
"Our sensors revealed that the campaign primarily targeted public sector institutions and non-governmental organizations like think tanks and research centers, but also included educational institutions and private-sector corporations in the oil and gas, chemical, and hospitality industries."
Microsoft takes an unusual step
Microsoft took the rare step of notifying individual accounts that were being targeted, through its Defending Democracy Program which it announced earlier in 2018.
"... due to the nature of the victims, and because the campaign features characteristics of previously observed nation-state attacks, Microsoft took the step of notifying thousands of individual recipients in hundreds of targeted organizations."
You can read technical details of the phishing attack here, if you would like to know more.
