REvil hacker group attacks Sol Oriens with ransomware


The hacker group REvil is giving a new victim a headache: a 50-strong company based in Albuquerque, New Mexico that advises the federal government on security-related projects.

Sol Oriens, which advises the US Department of Energy’s National Nuclear Safety Administration, confirmed to CNBC that it became aware of the “cybersecurity incident” in May, that its investigation is ongoing and that law enforcement agencies have been notified.

In a statement, the company said it “recently discovered that an unauthorized person acquired certain documents from our systems.”

Mother Jones first reported details of the cyber attack.

Sol Oriens did not name the attacker or confirm that the incident was a ransomware attack, but CNBC learned from cybersecurity sources that the well-known hacker group REvil was responsible.

A cybersecurity firm that has seen documents posted on the dark web told CNBC that they include invoices for NNSA contracts, descriptions of research and development projects managed by defense and energy entrepreneurs through 2021, and full names, payslips and Social Security numbers of Sol Oriens employees.

Sol Oriens said there was “no current evidence that this incident contained classified or critical security-related information from customers.” The company didn’t want to say whether it paid the attackers a ransom.

Sol Oriens describes itself as a technology research and development company. For example, a recent job posting on GlassDoor said it was looking for a program analyst who could assist the NNSA with a “complex nuclear conservation program.”

The NNSA, an agency of the Department of Energy, is responsible for maintaining the safety and effectiveness of US nuclear weapons stocks. It also works with the U.S. Navy on nuclear propulsion and responds to radiological emergencies in the United States.

A spokesman for the Department of Energy declined to comment. A spokesman for the National Security Council declined to comment.

REvil was most recently responsible for a ransomware attack on JBS, the world’s largest meatpacker, which brought in a ransom of $11 million. In April, REvil stole and released blueprints from Apple supplier Quanta Computer. That attack allegedly came with a $50 million ransom demand.

“Sol Oriens, LLC is, in a way, just one of many,” said a Mother Jones report of the hack. “There’s still no indication that the company has been targeted for its work and isn’t just another potential payday for hackers.”

According to screenshots from CNBC, REvil threatened to divulge the Sol Oriens data and documentation on its blog.

Editor’s note: An earlier version of this story contained a quote from cybersecurity firm Intel 471. CNBC has since learned that the quote provided by Intel 471 through its external PR firm, CHEN PR, was an excerpt from a story written by AJ Vicens of Mother Jones. CHEN PR has confirmed the error to CNBC.

We have corrected the story to accurately reflect the author of the quote, AJ Vicens. We regret the mistake and apologize to Mother Jones.
