Hackers used legitimate remote help-desk tools to scam multiple US federal agencies