{ "id": "45d13c84-b9d9-476c-91a7-31102cfc9c46", "created_at": "2026-04-06T00:13:23.693215Z", "updated_at": "2026-04-10T13:12:14.404295Z", "deleted_at": null, "sha1_hash": "e68c1cfeb10a4dbcdbc13382b569148aababbefd", "title": "REvil ransomware hits US nuclear weapons contractor", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3995684, "plain_text": "REvil ransomware hits US nuclear weapons contractor\r\nBy Lawrence Abrams\r\nPublished: 2021-06-14 · Archived: 2026-04-05 23:47:03 UTC\r\nSource: Defense.gov\r\nUS nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang,\r\nwhich claims to be auctioning data stolen during the attack.\r\nSol Oriens describes itself as helping the \"Department of Defense and Department of Energy Organizations, Aerospace\r\nContractors, and Technology Firms carry out complex programs.\"\r\nHowever, job postings first spotted by CNBC correspondent Eamon Javers provide some insight into Sol Orien's operations,\r\nwho are seeking program managers, consultants, and a 'Nuclear Weapon System Subject Matter Expert' to work with\r\nthe National Nuclear Security Administration (NNSA).\r\n\"Sol Oriens LLC currently has an opening for a Senior Nuclear Weapon System Subject Matter. Expert with more than 20\r\nyears of experience with nuclear weapons like the W80-4. This. Subject Matter Expert works with NNSA Federal and other\r\nContractor personnel to organize,. coordinate, implement, and manage technical program activities for the W80-4 Life\r\nExtension. Program.,\" says one of the job postings.\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\n\"Position Responsibilities. Planning and managing nuclear weapon life extension programs and associated. stockpile\r\nmanagement as they relate to the maintenance of a highly reliable and safe. nuclear deterrent.\"\r\nREvil claims to have stolen data from Sol Oriens\r\nLast week, the REvil ransomware operation listed companies whose data they were auctioning off to the highest bidder.\r\nOne of the listed companies is Sol Oriens, where REvil claims to have stolen business data and employees' data, including\r\nsalary information and social security numbers.\r\nAs proof that they stole data during the attack, REvil published images of a hiring overview document, payroll documents,\r\nand a wages report.\r\nAs a way to pressure Sol Oriens into paying the threat actor's extortion demands, the ransomware gang threatened to share\r\n\"relevant documentation and data to military angencies (sic) of our choise (sic).\"\r\nThreat to share stolen data with military agencies\r\nIn a statement shared by Javers on Twitter, Sols Oriens confirmed a cyberattack in May 2021 that affected their network.\r\n\"The investigation is ongoing, but we recently determined that an unauthorized individual acquired certain documents from\r\nour systems.\"\r\n\"Those documents are currently under review, and we are working with a third-party technological forensic firm to\r\ndetermine the scope of potential data that may have been involved.\"\r\n\"We have no current indication that this incident involves client classified or critical security-related information. Once the\r\ninvestigation concludes, we are committed to notifying individuals and entities whose information is involved.\"\r\nLike many other ransomware operations, REvil is believed to be operating out of Russia or another CIS country.\r\nOver the weekend, G7 leaders issued a statement asking Russia to help disrupt ransomware gangs believed to be operating\r\nwithin its borders.\r\nPresident Biden will also be discussing the recent ransomware attacks with Russian President Vladimir Putin at the June\r\n16th Geneva summit.\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/\r\nhttps://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.bleepingcomputer.com/news/security/revil-ransomware-hits-us-nuclear-weapons-contractor/" ], "report_names": [ "revil-ransomware-hits-us-nuclear-weapons-contractor" ], "threat_actors": [ { "id": "aa73cd6a-868c-4ae4-a5b2-7cb2c5ad1e9d", "created_at": "2022-10-25T16:07:24.139848Z", "updated_at": "2026-04-10T02:00:04.878798Z", "deleted_at": null, "main_name": "Safe", "aliases": [], "source_name": "ETDA:Safe", "tools": [ "DebugView", "LZ77", "OpenDoc", "SafeDisk", "TypeConfig", "UPXShell", "UsbDoc", "UsbExe" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434403, "ts_updated_at": 1775826734, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/e68c1cfeb10a4dbcdbc13382b569148aababbefd.pdf", "text": "https://archive.orkl.eu/e68c1cfeb10a4dbcdbc13382b569148aababbefd.txt", "img": "https://archive.orkl.eu/e68c1cfeb10a4dbcdbc13382b569148aababbefd.jpg" } }