EXECUTIVE SUMMARY:

The US Department of Energy (DOE) maintains a subcontract with a business called Sol Oriens, which provides nuclear weapons consulting for the National Nuclear Security Administration (NNSA).

In late May, Sol Oriens became aware of a cyber security event. Subsequently, the organization’s documents were leaked on the dark web. Information released included invoices for NNSA contracts, descriptions of research and development projects and more.

Wage sheets that list full names of employees, social security numbers and other sensitive data may have also been included in the leak. Nonetheless, there is “no current indication that this incident involves client classified or critical security-related information,” says Sol Oriens.

Sol Oriens’ NNSA contract

A 50-person team based in Albuquerque, New Mexico, Sol Oriens provides government consulting services on security-related initiatives. A recent job description listed on a prominent job recruiting site mentioned that a new hire would assist with a “complex nuclear weapon sustainment program.”

Within the US Department of Energy, the NNSA directs strategies around the “safety, security and effectiveness” of the US nuclear weapons arsenal. The NNSA also collaborates with the US Navy on nuclear propulsion and is responsible for US-based radiological emergencies.

Sol Oriens’ breach

“[We have] recently determined that an unauthorized individual acquired certain documents from our systems. Those documents are currently under review, and we are working with a third-party technological forensic firm to determine the scope of potential data that may have been involved,” stated the company.

According to CNBC, the attacker group known as REvil conducted the cyber attack campaign directed towards Sol Oriens. To date, spokespersons for the National Security Council and the Department of Energy have declined to comment on the issue.

According to some cyber security experts, the Sol Oriens attack may simply be one among the many that have occurred in recent weeks. Evidence does not yet indicate that Sol Oriens was targeted due to its government work. The REvil gang may just want the payout from a ransom.

Appropriate federal, state and local agencies received information pertaining to the attack. An investigation is underway.

Subcontractors’ security

The NNSA is responsible for the security of the nation’s nuclear weapons stockpile, among other sophisticated oversight duties. Why would a subcontractor’s cyber security posture fail to defeat REvil and other cyber attackers? How could Sol Oriens have prevented this attack?

Relentless REvil

Across the past several months, REvil has launched multiple high-profile ransomware attacks.

  • In May, the JBS Foods ransomware episode, which forced the company to shut down in some parts of the world, and led to concerns about meat shortages, was conducted by REvil.
  • In April, REvil hit Apple with a ruse just ahead of its 2021 product launch. The group demanded $50 million in extortion fees. As described in a past Cyber Talk article, the original attack hit Quanta, a manufacturer of Apple products.
  • Did REvil access the SolarWinds network? Researchers report that threat actors claiming to have breached SolarWinds’ systems may be affiliated with the REvil ransomware gang, although further investigation is needed.

The real-world effects of ransomware and other targeted cyber attacks can cripple organizations, infrastructure, economies or worse. To read about ransomware’s elevated status as a US threat to national security, click here.

For more on this story, visit CNBC.