It could be a combination of both, for example heres a basic guide to hacking any government department or agency (which for legal purposes isnt a guide).
You can very easily brute force your way into those unsecured DOGE email servers they have in everywhere in the US Gov rn (alternatively you can spoof a DOGE email very easily, if so skip to step 3)
Once you brute force your way into the US Gov you can either take the route of brute forcing your way into the entire network compromising entire systems or you can send emails from the doge servers hacking individuals.
Once the network is compomised slowly copy classified information and prepare the system to display your mesaage. Then delete the information from the internal system replacing it with your message, leak the information so everyone but them has it.
Be the change… Hacking is less brute force and more phishing. Not that hard and ICE is full of brain dead morons.
Humans are always the weakest point of any opsec
It could be a combination of both, for example heres a basic guide to hacking any government department or agency (which for legal purposes isnt a guide).