Another company directly linked to the infrastructure of the United States was the victim of a ransomware attack. This time the victim is Sol Orions, which works with US administration departments such as Energy and Defense on projects related to nuclear technology. The personal and salary information of the company’s employees was stolen after the coup.
Information about the case first surfaced on the dark web and was traced by the international press with posts related to the Reville group, which is also said to be behind other recent attacks on infrastructure companies such as food processor JBS. The citation for the attack in question appears in a list of recent victims, along with details of what was obtained and which datasets are for sale or may be commercialized in the future.
Seoul Orions has approximately 50 employees and provides advisory services to the US government on projects related to energy, weapons and other uses of nuclear technology. According to the perpetrators, a ransomware attack carried out in May allowed access to the company’s payroll, which contained workers’ personal data, paid wages and document numbers, as well as rights to tax information.
Worse, documents were taken out relating to recent contracts signed in 2021 with various branches of the US government, as well as details of projects under research and development with the Defense and Energy departments. Threats from criminals include handing over files with industrial secrets to rival companies if the supplier fails to pay the ransom, the value of which has not been disclosed.
The company confirmed it was the victim of a cybersecurity incident that was detected in May, and that those responsible had obtained “certain” documents from its locked systems. However, in an official statement sent to the US press, Sol Orions did not provide details about the attack and said it is still evaluating the case with a partner forensics company that will help understand the scope of the attack.
According to experts consulted by the website Mother Jones, one of the people responsible for discovering the leak, Soul Orion was not the victim of a targeted attack, but was hit by a larger ransomware campaign aimed at financial gain. Only after the settlement did the perpetrators adjust their demands according to the results obtained, focusing on sensitive information as a way of ensuring the maximum possible return from defense.
The US government has not commented on the matter, yet another in a growing list of cybercriminal attacks on the country’s infrastructure companies, and the issue is expected to be discussed during the G7 summit. Joe Biden has pointed fingers more than once at the Russians for harboring cybercriminals and being behind scams that would be construed as terrorism. The Kremlin denies any involvement in the recent events.
Did you like this article?
Subscribe to your email at Canaltech to receive daily updates with the latest news from the world of technology.