Federal agency compromised leveraging compromised credentials