Few Americans might have ever heard of the Colonial Pipeline or known that JBS is the nation’s largest meatpacker until each company was the target of ransomware attacks this spring. These certainly weren’t the first, and likely won’t be the last companies to be targeted by such a nefarious cyberattack.
However, another recent victim truly stands out.
Albuquerque, New Mexico-based Sol Oriens LLC was targeted by cyber criminals last month and what makes this especially troubling is that the company is a U.S. nuclear weapons contractor. The firm describes itself as aiding the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs.”
Exactly what that means isn’t clear – and likely much of what the company actually does is classified.
However, as CNBC reported, the company has multiple openings including for program managers and consultants but also for a “Nuclear Weapons Systems Subject Matter Expert.” That job reportedly involves working with the National Nuclear Security Administration (NNSA), so anything the company does likely falls into the category of “above my pay grade.”
The New Mexico-based research and development consultancy was reportedly targeted by REvil (Ransomware Evil), a private ransomware-as-a-service (RaaS) operation that has been known to operate since at least 2019. The exact location of the hacking collective isn’t known, but it is believed to be based in Russia because it does not target Russian organizations, and some cybersecurity researchers also believe the group could be an offshoot of the now-defunct GandCrab hacker group.
After past attacks, the REvil hackers warned that they would publish any stolen information on their “Happy Blog” on the dark web unless a ransom was paid.
The group has a history of targeting such tech companies as Apple, but it is also believed to be behind last month’s targeted ransomware attack on JBS. The firm reportedly paid the hackers $10 million in Bitcoin to regain access to its systems.
Sol Oriens Responds
On Monday, Sol Oriens released a statement saying it had become aware of a serious breach last month, and that it had appointed a technology forensic firm to investigate the incident, while law enforcement agencies have also been informed.
An investigation is ongoing. The company has said that upon learning of the breach it quickly secured its computer systems, and that any compromised documents would be placed under review. Sol Oriens also said it is now working with a third-party technology forensics firm to determine the scope of the data that may have been involved in last month’s cyberattack.
In a statement the company also said it has “no current indication that this incident involves client classified or critical security-related information.” The company has also declined to say if it paid any ransom to the hackers.
The Department of Energy (DoE) issued its own response and said it was aware of the attack on the veteran-owned firm and stated, “There is no evidence that any DOE or NNSA data was compromised and there is no risk or impact to any government systems. We continue to stay in close communications with Sol Oriens.”
As the recent ransomware attacks have shown, there can be grave consequences following these breaches. The Colonial Pipeline attack resulted in fuel shortages for more than a week along the East Coast, and the attack on JBS briefly impacted the nation’s food supply chain. However, both pale in comparison to what could happen if critical nuclear secrets were to be exposed.
“Though the company’s interactions with the DoD and DoE make the hack seriously concerning, it’s unclear whether the cybercriminals involved accessed any sensitive materials or if they were able to extend the breach beyond Sol Oriens’ network,” said technology analyst Charles King of Pund-IT.
“Given the work the company is reportedly involved in, that’s something we may never know,” King told ClearanceJobs.
Regardless of what may have been compromised, this recent breach shows that hackers will continue to be increasingly brazen in selecting their targets.
“A small, veteran-owned company, most likely bound by multiple NIST Standards, working on nuclear weapons secrets, is probably one of the more secure manufacturers out there,” Chris Grove, technology evangelist with defense & critical infrastructure cybersecurity specialists Nozomi Networks, told ClearanceJobs via an email.
“And yet, we see the same story repeat itself – when the ‘Big Game Hunter’ cybercriminals target an organization, they are likely to get in,” Grove added and said that if defenders aren’t ready for an attack today, the cost of recovery will be far greater.
“The scary part is that Sol Oriens is only one of the 300,000-plus companies sitting in the same boat,” warned Grove. “Our Defense Industrial Base is a crucial part of our national defense, and in general, leads the way in security in many facets, including cybersecurity. Sometimes it’s a global DIB manufacturer with big budgets for high tech tools and cybersecurity programs trying to defend a massive global footprint. Other times it’s a smaller, secretive, defendable footprint. But the storyline is the same.”
It could also be argued that this was a hack that should have been prevented, and that the warning signs calling for extra diligence were there.
“The fact that Sol Oriens was breached months after the SolarWinds attack was made public suggests that the company failed to adequately secure its network despite warnings that cybercriminals and state actors were targeting sensitive U.S. government agencies and networks,” added King. “Such ineptitude would be deeply inappropriate given the services Sol Oriens provides.”