REvil Hits US Nuclear Weapons Contractor: Report

“We hereby keep a right (sic) to forward all of the relevant documentation and data to military agencies of our choise (sic)” REvil reportedly wrote.

Sol Oriens, a subcontractor for the U.S. Department of Energy (DOE) that works on nuclear weapons with the National Nuclear Security Administration (NNSA), last month was hit by a cyberattack that experts say came from the relentless REvil ransomware-as-a-service (RaaS) gang.

The Albuquerque, N.M. company’s website has been unreachable since at least June 3, but Sol Oriens officials confirmed to Fox News and to CNBC that the firm became aware of the breach sometime last month.

The company’s statement, captured in a Tweet stream posted by CNBC’s Eamon Javers on Thursday:

“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved. We have no current indication that this incident involves client classified or critical security-related information. Once the investigation concludes, we are committed to notifying individuals and entities whose information is involved …”

As Javers noted, “we don’t know everything this small company does,” but he posted a sample job posting that indicates that it handles nuclear weapons issues: “Senior Nuclear Weapon System Subject Matter. Expert with more than 20 years of experience with nuclear weapons like the W80-4.” The W80 is a type of nuclear warhead carried on air-launched cruise missiles.

According to an archived version and its LinkedIn profile, Sol Oriens is a “small, veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications” that works with the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms (sic) carry out complex programs. … We focus on ensuring that there are well-developed technologies available to maintain a strong National Defense.”

What Was Stolen

Brett Callow, a threat analyst and ransomware expert at the security firm Emsisoft, told Mother Jones that he had spotted Sol Oriens’s internal information posted to REvil’s dark web blog.

At least for now, the data seems benign enough: It reportedly shows what Mother Jones described as “a company payroll form from September 2020, outing a handful of employees’ names, social security numbers, and quarterly pay. There’s also a company contracts ledger, and a portion of a memo outlining worker training plans. (The memo has Department of Energy and NNSA Defense Programs logos at the top.)”

Whether REvil – or whichever gang proves to be responsible for the attack – got its hands on more sensitive, secret information about the country’s nuclear weapons remains to be seen. But the fact that it got anything at all is, of course, deeply concerning. As Mother Jones pointed out, the NNSA is responsible for maintaining and securing the nation’s nuclear weapons stockpile and works on nuclear applications for the military, along with othe