
Albuquerque-based government contractor hit by high-profile hackers


After the company became aware of the cybersecurity incident in May, it "immediately initiated an investigation and a technological forensic firm was engaged to assist us." Law enforcement was also notified, according to a statement from the company.

A government contractor based in Albuquerque has enlisted a forensic firm to try to understand how an unauthorized individual acquired certain documents.

Three documents sourced to Sol Oriens LLC, which contain payroll and other proprietary information, appeared on a website affiliated with a Russian-linked hacker group that calls itself REvil.

In a statement to Business First, Sol Oriens LLC said it learned about the "cybersecurity incident" in May and that law enforcement has been notified. The company said the documents acquired from its systems are "under review." And a third-party technological forensic firm will help "determine the scope of potential data that may have been involved."

"It is important to note that, based on the investigation to date, we have no current indication that this incident involves client classified or critical security-related information," the statement from Sol Oriens says.

A representative for the Federal Bureau of Investigation's Albuquerque field office was unable to be reached for comment.

REvil previously gained notoriety for its high-profile hack on JBS, the world's largest meat producer, and its successful ransom attempt that garnered an $11 million payment. They also hacked a key supplier to Apple, claiming to have stolen blueprints of the computer giant's products.

A Business First review of the data posted by the hackers shows at least one document that mentions Sol Oriens specifically. The document, which lists payroll data and social security numbers for five employees for the quarter ending Sept. 30, 2020, shows Sol Oriens LLC as the employer. The other documents that REvil claims are from the company include what appear to be invoices and a recruiting, hiring and training overview.

Along with posting what appears to be Sol Oriens information, REvil wrote that "we hereby keep a right to forward all of the relevant documentation and data to military angencies of our choise, includig all personal data of employees."

The blog post containing the data posted by the hackers was first reported by Mother Jones.

Sol Oriens' website is no longer live on the internet. Its LinkedIn profile describes the company as a "veteran-owned consulting firm focused on managing advanced technologies and concepts with strong potential for military and space applications." It goes on to say the company has worked with the Department of Defense, the Department of Energy, aerospace contractors and other tech firms.

GovTribe, which keeps a database of government contracts, says Sol Oriens has been awarded $4 million worth of sub-awards. Most of that money is for Air Force and National Nuclear Security Administration projects, according to GovTribe.

Lorie Liebrock, director of the Cybersecurity Center of Excellence (CCoE) in New Mexico, said it is hard to place blame with Sol Oriens. The CCoE focuses on spurring cybersecurity research and workforce development in the state.

"I'm kind of mixed about this because … I don't know how their data was stolen," Liebrock said. "They need to follow the [cybersecurity] regulations and be doing the best they can to secure their systems … [but] if they are doing it, and somebody comes up with a new attack that they don't have a defense for, all we can do is our best to improve cybersecurity overall."

While hackers target health care, financial and other types of industries, this incident and others like it highlight a growing national security concern regarding hacks on defense contractors. Government systems were previously breached as part of a sophisticated cyberattack that used altered software from SolarWinds Corp., an information technology software firm in Austin. Such breaches may have more far-reaching impacts compared with attacks on specific companies because certain software and hardware are so widely used.

"Most people inherently trust the compilers that are used to build software," Liebrock said. "The hardware and the software trust have both been broken at this point."

Officials with the Department of Energy and National Nuclear Security Administration told congressional staffers that there was an attempt to breach Los Alamos National Laboratory through SolarWinds software, according to a December report from Politico. Following that attack, President Joe Biden issued an executive order to improve the nation's cybersecurity. The order declared that "the private sector must … partner with the federal government to foster a more secure cyberspace." It also included measures to remove barriers to sharing threat information with federal agencies.

Westech International Inc., another military contractor based in Albuquerque, also fell victim to a hack that stole secret information. The company's computers were encrypted with ransomware, and leaked files suggested the hackers had access to payroll information and emails, according to a June 2020 report from Sky News.

— Albuquerque Business First managing editor Chris Keller contributed to this article.

