REvil attacks US nuclear adviser

Sheila Zabeu -

June 17, 2021

Sol Oriens, a consultant to the US Department of Energy’s National Nuclear Security Administration (NNSA), was the target of a ransomware attack attributed to the REvil cyber gang in May, the latest in a run of high-profile intrusions by the group.

In a statement reported by CNBC, Sol Oriens said it had identified unauthorized access to certain documents on its systems and that those documents were under review. It also said that a forensic firm had been hired to determine the possible scope of the data involved.

Although Sol Oriens did not name the attacker, the REvil group is the alleged perpetrator. A ransomware expert at cybersecurity firm Emsisoft found, on REvil’s dark web leak blog, invoices for contracts with NNSA, descriptions of R&D projects, and employee payroll data. Publishing samples of stolen documents in this way is the group’s usual double-extortion tactic: data is exfiltrated before encryption and then used as leverage to pressure the victim into paying.

Sol Oriens has about 50 employees and provides consulting services to the US government on projects related to energy, weapons, and other uses of nuclear technology. According to its LinkedIn profile, the company helps Department of Defense and Department of Energy organizations, aerospace contractors, and technology firms carry out complex programs focused on a strong national defense. NNSA, meanwhile, is a semi-autonomous agency of the US Department of Energy responsible for maintaining the safety, security, and effectiveness of the use of nuclear science in military applications. Among other activities, it works with the US Navy on nuclear propulsion and responds to radiological and nuclear emergencies at home and abroad.

There is still no indication that Sol Oriens was targeted because of the work it does; it may simply have been another victim judged likely to pay the group’s ransom. For Michael DeBolt, senior vice president of intelligence at Intel 471, the break-in at Sol Oriens was more a matter of timing than an action linked to state-affiliated entities; according to him, the actors remain primarily financially motivated. Gary Kinghorn, director of marketing at Tempered Networks, said the breach should not have catastrophic results if it is limited to personal data and contracts, but added that organizations need to wake up to the vast sophistication and resources behind these attacks, whatever the motivation.

The REvil cyber gang has been named as responsible for recent ransomware cases involving JBS Foods, Acer, and Apple supplier Quanta Computer, and for some of the highest ransom demands on record. It operates as ransomware-as-a-service, recruiting affiliates on cybercriminal forums to carry out the intrusions while the core group maintains the malware and the leak site. According to Kaspersky, the ransom demand is set according to the victim’s annual revenue, and affiliates receive between 60% and 75% of any ransom paid. In an interview, a REvil operator claimed the gang made more than US$100 million in 2020.

Neither the US Department of Energy nor the NNSA has commented on the report, and Sol Oriens has not gone beyond a statement issued this week saying that it had learned of a serious breach last month, had appointed a forensic technology firm to investigate the incident, and had informed law enforcement.

The investigation is ongoing. The company says that on learning of the breach it quickly secured its computer systems and that any compromised documents are being examined; the third-party forensics firm is determining the scope of the data that may have been involved in last month’s attack.

As recent ransomware attacks have shown, these breaches can have serious consequences. The Colonial Pipeline attack caused fuel shortages for more than a week along the East Coast, and the JBS attack briefly disrupted the nation’s food supply chain. Both, however, would pale beside the consequences of critical nuclear secrets having been exposed.