If they use GoDaddy and WordPress this is a GoDaddy exploit. It happened at my work, boner pulls and all, and GoDaddy extorted us to fix it.

https://panorays.com/blog/godaddy-breach/#:~:text=The second time%2C hackers regained,2021 and again in 2022.

The main Georgia.gov site runs on Drupal/GovHub(which they proudly talk about). Whereas team.georgia.gov runs on WordPress.org(probably an old version). This could be related to a lot of recently discovered issues with different pieces of software. It could also be someone high up was not doing a good job with their username and password. It could be due to a lot of different factors.