Technically what was done to Podesta was called Spear Phishing or Whaling. They sent him a malicious link that required him to put in his password (which, by the way was “Password”) in order to gain access to his email account.
There was no “hacking” involved, which means deliberate brute force or similar attempts to break into someone’s account.
who is ‘they’? That is the question.
How about a simple, direct download from an authorized user of the system; maybe even a sysadmin...
Podesta & Sterling Archer’s organization had the same IT security consultants!