US nuclear weapons supplier hit by ransomware attack


A US defense contractor has reportedly been targeted by the REvil ransomware gang, which has shared snippets of the exfiltrated data as proof of the attack.

Bleeping Computer found a posting on the dark web where REvil listed the names of its victims and shared details about them. One of the companies mentioned was Sol Oriens, which contracts with various government agencies, including the US Department of Defense and the Department of Energy.

In a statement to CNBC’s Senior Washington correspondent Eamon Javers, Sol Oriens has confirmed losing data in a cyberattack in May 2021.

“In May 2021, Sol Oriens became aware of a cybersecurity incident that impacted our network environment. The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from our systems,” read the statement shared with Javers.

No classified details

Sol Oriens further added that it is working with third-party digital forensics experts to gauge the extent and scope of the stolen data.

In the posting that Bleeping Computer saw on the dark web, REvil itself claims to have obtained payroll data, including salary information and social security numbers of Sol Oriens’ employees.

The threat actors even published images of a hiring overview document, payroll documents, and a wages report, to substantiate their claims. They also threatened that if the contractor doesn’t pony up, REvil will share the data with rival military agencies.

Security experts believe REvil, which is thought to be behind the recent attack on major meat processing company JBS, operates out of Russia or one of the other former Soviet states.

Experts suggest these countries turn a blind eye to such groups' activities as long as they don’t target victims within their borders. However, in a joint statement, leaders from the G7 countries have asked Russia to rein in the threat actors operating within its jurisdiction.

While one such ransomware group, Avaddon, has closed shop, REvil seems to continue to operate with impunity.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.