The REvil ransomware group has caused a data breach at a United States nuclear weapons contractor, and claims to be auctioning data stolen during the attack. The contractor in question is ‘Sol Oriens’, which describes itself as helping the “Department of Defense and Department of Energy Organisations, Aerospace Contractors, and Technology Firms carry out complex programs.”
However, a CNBC correspondent spotted a job posting that provides some insight into Sol Oriens' operations. The firm is seeking program managers, consultants, and a “Nuclear Weapon System Subject Matter Expert” to work with the National Nuclear Security Administration (NNSA).
Has REvil stolen the data?
The REvil gang recently listed companies on the dark web whose data it was auctioning to the highest bidder. Sol Oriens features in the list, and REvil claims to have stolen business and employee data, including salary information and Social Security numbers. To substantiate its claims, the group published images of a hiring overview document, payroll documents, and a wages report. It even threatened to share this data with military agencies of its choice.
On 11th June 2021, the same CNBC correspondent shared that Sol Oriens had confirmed a cyberattack in May 2021.
Sol Oriens issued a statement to CNBC, which says:
“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted a network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved. We have no current indication that this incident involves client classified or critical security-related information. Once the investigation concludes, we are committed to notifying individuals and entities whose information is involved.”
Recent Cyber Security Challenges
Multiple countries are struggling with cyber security and ransomware, and the United States in particular has been making news. The Colonial Pipeline and JBS hacks have alarmed lawmakers, who have introduced bills to secure critical information infrastructure. The US has also issued guidance to investigate ransomware and terrorist attacks alike. Members of REvil are reportedly based in Russia. This data breach at a nuclear weapons contractor brings further attention to the need for greater cooperation between countries.