The US Treasury Department's Office of the Comptroller of the Currency (OCC) on Tuesday shared information on a recently discovered breach of its email system, which has been described as a “major incident”.
The OCC, whose role is to regulate and supervise national and foreign banks, revealed at the end of February that it had learned of a security incident involving an administrative account in its email system.
The initial investigation revealed that a “limited number” of email accounts were affected and that there was no evidence of impact on the financial sector.
An update shared by the regulator on Tuesday provided more information on the incident, which it discovered on February 12, 2025, after learning of unusual interactions between OCC user inboxes and system administration accounts.
An analysis showed that threat actors had gained access to the emails of executives and employees, including messages containing “information relating to the financial situation of financial institutions regulated by the federal government used in its exams and supervision surveillance processes”.
Based on a draft of the OCC's letter to Congress and information from sources, Bloomberg reported that 103 email accounts had been compromised and that the attackers had access to very sensitive financial information.
According to the publication, Microsoft alerted the OCC to the breach in February, and the investigation showed that the hackers had access to around 150,000 emails from May 2023 until they were discovered and their access was terminated.
It is not known who is behind the attack. The Treasury Department, in particular its Committee on Foreign Investment in the United States (CFIUS) and Office of Foreign Assets Control (OFAC), was previously targeted by a China-linked threat group tracked as Silk Typhoon.
It is not known whether the OCC hack is linked to the attacks on the other two Treasury offices.