At least two U.S. federal agencies have been hacked, according to a statement from CISA.  The hackers used phishing to steal critical information from government employees. The hackers sent a phishing email containing a phone number to an employee's government email address.  The employees are then convinced to log in to their banking accounts and send back a certain amount of money they are told was refunded to them by mistake. Hackers use remotely controlled software to deploy this attack. The campaign includes making changes to the bank account statement so that the victims are convinced they have the fund in their possession. These emails are part of a social engineering hacking campaign against federal government agencies that has been active since June 2022.