Hacker group Revil has become a headache for a new victim: a 50-person firm based in Albuquerque that consults with the federal government on security-related projects.
Sol Orions, which consults for the U.S. Department of Energy’s National Nuclear Security Administration, confirmed to CNBC that it became aware of a “cyber security incident” in May, is under investigation and notified law enforcement. .
In a statement, the company said that “it has recently been determined that an unauthorized person has obtained certain documents from our systems. Those documents are currently being reviewed, and we will determine the scope of potential data.” We are working with a third-party technical forensics firm to do so.”
According to cybersecurity sources, Soul Orions did not name the attacker or confirm that it was ransomware, but CNBC has learned that the well-known hacker group Revil was responsible for the attack.
A cybersecurity firm that has seen documents posted on the dark web told CNBC that they include invoices for NNSA contracts, details of research and development projects managed by defense and energy contractors, as recently as 2021. and include full names and Social Security pay sheets. Sol Orion’s workforce.
Sol Orions said it has “no current indication that this incident involved client classified or critical security-related information.” The company declined to say whether it had paid a ransom to the attackers.
Sol Orions, describes itself as a technology research and development firm. For example, a recent job posting on Glassdoor stated that the firm was looking for a program analyst who could assist the NNSA with a “complex nuclear weapons maintenance program.”
The NNSA, an agency within the Department of Energy, is responsible for maintaining the safety, security, and effectiveness of the US nuclear weapons stockpile. It also serves with the US Navy on nuclear propulsion, and it responds to radiological emergencies in the US.
A spokesman for the Energy Department declined to comment. An NSC spokesperson declined to comment.
Revil was recently responsible for a ransomware attack on JBS, the world’s largest meatpacker, that took an $11 million ransom. In April, Reville stole and published a blueprint from Apple supplier Quanta Computer. That attack reportedly claimed a ransom of $50 million.
“In some ways, Soul Orions, LLC is just one name out of many,” said cybersecurity firm Intel471. “There is no indication yet that the company was targeted because of the work it did, but rather to be another potential pay day for hackers.”
According to screenshots seen by CNBC, REvil threatened to reveal Sol Oriens’ data and documentation on its blog.
Read Original Article at www.cnbc.com