The hacker group REvil is giving a new victim a headache: a 50-person company based in Albuquerque, New Mexico, that advises the federal government on security-related projects.
Sol Oriens, which advises the US Department of Energy’s National Nuclear Security Administration (NNSA), confirmed to CNBC that it became aware of the “cybersecurity incident” in May, that its investigation is ongoing and that law enforcement agencies have been notified.
In a statement, the company said it “recently discovered that an unauthorized person acquired certain documents from our systems. These documents are currently being reviewed and we are working with an outside forensic technology company to determine the amount of potential data that may have been involved.”
Sol Oriens did not name the attacker or confirm that the incident was a ransomware attack, but CNBC learned that the well-known hacker group REvil was responsible for the attack, according to cybersecurity sources.
A cybersecurity firm that has seen documents posted on the dark web told CNBC that they include bills for NNSA contracts, descriptions of research and development projects managed by defense and energy entrepreneurs through 2021, and pay slips with the full names and Social Security numbers of Sol Oriens employees.
Sol Oriens said there was “no current evidence that this incident is classified or critical security information from customers”. The company didn’t want to say whether it paid a ransom to the attackers.
Sol Oriens describes itself as a technology research and development company. For example, a recent job posting on Glassdoor said it was looking for a program analyst who could assist the NNSA with a “complex nuclear conservation program.”
The NNSA, an agency of the Department of Energy, is responsible for maintaining the safety and effectiveness of the US nuclear weapons stockpile. It also works with the US Navy on nuclear propulsion and responds to radiological emergencies in the United States.
A spokesman for the Department of Energy declined to comment. A spokesman for the National Security Council declined to comment.
REvil was most recently responsible for a ransomware attack on JBS, the world’s largest meatpacker, which brought in a ransom of $11 million. In April, REvil stole and released blueprints from Apple supplier Quanta Computer. In that attack, the group allegedly demanded a $50 million ransom.
“Sol Oriens, LLC is, in a way, just one name among many,” said cybersecurity firm Intel 471. “There is still no indication that the company has been targeted for its work and is not just another potential payday for hackers.”
According to screenshots from CNBC, REvil threatened on its blog to divulge Sol Oriens’ data and documentation.