Through State Dep’t. emails, Russian sources were able to obtain confidential material on the President’s schedule and calls. It is unclear what else they might have obtained, and I doubt the White House will be very forthcoming as to details. This isn’t the first time either, and it’s generally through an unclassified system and then crosses over to the classified systems. Beyond that, security people who have been trying to extricate the Russian hackers from the systems were shocked (per CNN) at the nature of things discussed in emails on the "unclassified" system.
From what I could understand from the non-technical description given by a reporter to CNN’ Wolf Blitzer, my thinking revolves around spear-fishing. That’s just a guess, though.
A spear fishing attack comes (usually) through email from a person known to the recipient from a known person (infected or spoofed) with a link or an enclosed ‘document’ which directs the recipient to an infected site (and through ‘drive by’ Javascript applets/advertising infects the recipient) which installs malware or has the malware in it, despite the classified and unclassified systems being in different locations.