So it's not just classified documents, it's a mess

CISA: Federal agencies hacked using legitimate remote desktop tools

The attackers behind this campaign began sending help desk-themed phishing emails to federal staff's government and personal email addresses since at least mid-June 2022.

 The explanation is a little technical, so allow me to translate: Yikes!