Article Details
Scrape Timestamp (UTC): 2025-04-08 17:34:36.856
Original Article Text
Hackers lurked in Treasury OCC’s systems since June 2023 breach

Unknown attackers who breached the Treasury's Office of the Comptroller of the Currency (OCC) in June 2023 gained access to over 150,000 emails, according to anonymous sources familiar with the matter.

The OCC is an independent bureau of the U.S. Department of the Treasury that oversees banks and federal savings associations and ensures they comply with applicable laws and regulations, treat customers fairly, and provide fair access to financial services.

As Bloomberg first reported, the threat actors gained the ability to monitor employees' emails after breaking into an email system administrator's account, as OCC disclosed in February 2025.

At the time, it reported the attack to the U.S. Cybersecurity and Infrastructure Security Agency as a "cybersecurity incident" involving its email system and multiple email accounts, with no impact on the financial sector.

"The Office of the Comptroller of the Currency (OCC) this month identified, isolated and resolved a security incident involving an administrative account in the OCC email system," the U.S. banking regulator said.

"The OCC's investigation analyzed all email logs since 2022 for due diligence. The OCC identified a limited number of affected email accounts that have since been disabled."

While the OCC initially said the breach only affected a limited number of accounts, people familiar with the investigation told Bloomberg that the attackers had access to more email accounts than previously thought and to around 100 bank regulators' emails.

In early January, the Treasury Department also disclosed that its network was breached using a stolen Remote Support SaaS API key to compromise a BeyondTrust instance used by the agency. That attack has since been linked to a Chinese state-backed hacking group tracked as Silk Typhoon.
The threat actors specifically targeted the Office of Foreign Assets Control (OFAC), which administers trade and economic sanctions programs, and the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments for national security risks. Silk Typhoon hackers also breached the Treasury's Office of Financial Research systems, but the impact of this incident is still being assessed.
Daily Brief Summary
Hackers breached the U.S. Treasury’s Office of the Comptroller of the Currency (OCC) in June 2023, accessing over 150,000 emails.
The attackers monitored OCC employees' emails by compromising an email system administrator’s account.
The OCC reported the breach to the U.S. Cybersecurity and Infrastructure Security Agency in February 2025 as a cybersecurity incident affecting multiple accounts.
Initially thought to be limited, the breach reportedly extended to about 100 bank regulators' emails.
The Treasury Department also suffered a breach in January 2025; attackers used a stolen Remote Support SaaS API key to compromise a BeyondTrust instance.
This attack, deemed part of the larger breach, was attributed to Silk Typhoon, a Chinese state-backed hacking group.
Silk Typhoon’s targets included significant Treasury divisions like the Office of Foreign Assets Control (OFAC) and the Committee on Foreign Investment in the U.S. (CFIUS).
The full impact of the breaches, including one in the Treasury’s Office of Financial Research, is still under evaluation.