News has surfaced that Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.
Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company. Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. The Company is actively investigating the incident with the assistance of leading external cybersecurity experts and has notified federal law enforcement authorities.As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. However, the Company is currently in the process of restarting the affected operations.
As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident.
Javvad Malik, Lead Security Awareness Advocate at KnowBe4 had this to say:
“The Nucor situation represents yet another concerning example of critical infrastructure disruption due to a cyber incident. While their response in the SEC filing offers very little by way of details, the incident highlights the persistent vulnerability of manufacturing environments to both nation-state actors and criminal enterprises.”
“The economic impact for such victims is particularly challenging. When production stoppages create immediate financial impact and supply chain disruptions, the pressure to resolve quickly—potentially through ransom payment—becomes intense, as demonstrated by the Colonial Pipeline incident.”
“This case should serve as a reminder that operational technology security requires investment proportional to its critical importance. For manufacturers like Nucor, cybersecurity isn’t restricted to IT but a fundamental business continuity issue.”
Rebecca Moody, Head of Data Research at Comparitech added this:
“While Nucor hasn’t disclosed the nature of the attack and no gangs have claimed responsibility for the attack as of yet, there’s a high probability that we could be looking at a ransomware attack. So far this year, we’ve seen 19 such attacks on US manufacturers. Not only can these attacks cause widespread disruption, like we’re seeing with Nucor, but the majority of these attacks (18) have also seen data breached. Over 33,000 records are confirmed to have been impacted in these attacks, highlighting the ongoing double-extortion tactics used by ransomware gangs.”
“This is why the manufacturing sector is a key target for ransomware gangs: 1) because it can ill-afford downtime (our recent study found manufacturing companies lose an average $1.9 million per day of downtime after a ransomware attack) and 2) because these companies often have key data that can be exploited, too.”
“If this is indeed a ransomware attack, it’s likely data will have been stolen and, given the company’s size, this breach could be extensive.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows up with this:
“With multiple steel mills, reducing centers, and fabrication plants in the U.S., Nucor is an attractive target for a ransomware attack. A company like Nucor can’t afford extended downtime, so it will likely be willing to pay a ransom to get its systems released by the bad guys. Nucor may also have been targeted due to the ongoing trade war between the U.S. and China. China is not above using hackers to disrupt U.S. industry during such trade wars.”
“While not a direct piece of the U.S. infrastructure, Nucor definitely is a major supplier to companies that make up the infrastructure, also making them an attractive target for the bad actors of the world.”
I would be interested in hearing the details of this attack. Hopefully we get those as given the scant level of information, this attack could be bad, or really bad.
Like this:
Like Loading...
Related
This entry was posted on May 15, 2025 at 1:44 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Nucor Pwned In Some Sort Of Cyberattack
News has surfaced that Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.
Nucor Corporation (the “Company”) recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company. Upon detecting the incident, the Company began promptly taking steps to contain and respond to the incident, including activating its incident response plan, proactively taking potentially affected systems offline and implementing other containment, remediation, or recovery measures. The Company is actively investigating the incident with the assistance of leading external cybersecurity experts and has notified federal law enforcement authorities.As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. However, the Company is currently in the process of restarting the affected operations.
As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident.
Javvad Malik, Lead Security Awareness Advocate at KnowBe4 had this to say:
“The Nucor situation represents yet another concerning example of critical infrastructure disruption due to a cyber incident. While their response in the SEC filing offers very little by way of details, the incident highlights the persistent vulnerability of manufacturing environments to both nation-state actors and criminal enterprises.”
“The economic impact for such victims is particularly challenging. When production stoppages create immediate financial impact and supply chain disruptions, the pressure to resolve quickly—potentially through ransom payment—becomes intense, as demonstrated by the Colonial Pipeline incident.”
“This case should serve as a reminder that operational technology security requires investment proportional to its critical importance. For manufacturers like Nucor, cybersecurity isn’t restricted to IT but a fundamental business continuity issue.”
Rebecca Moody, Head of Data Research at Comparitech added this:
“While Nucor hasn’t disclosed the nature of the attack and no gangs have claimed responsibility for the attack as of yet, there’s a high probability that we could be looking at a ransomware attack. So far this year, we’ve seen 19 such attacks on US manufacturers. Not only can these attacks cause widespread disruption, like we’re seeing with Nucor, but the majority of these attacks (18) have also seen data breached. Over 33,000 records are confirmed to have been impacted in these attacks, highlighting the ongoing double-extortion tactics used by ransomware gangs.”
“This is why the manufacturing sector is a key target for ransomware gangs: 1) because it can ill-afford downtime (our recent study found manufacturing companies lose an average $1.9 million per day of downtime after a ransomware attack) and 2) because these companies often have key data that can be exploited, too.”
“If this is indeed a ransomware attack, it’s likely data will have been stolen and, given the company’s size, this breach could be extensive.”
Chris Hauk, Consumer Privacy Champion at Pixel Privacy follows up with this:
“With multiple steel mills, reducing centers, and fabrication plants in the U.S., Nucor is an attractive target for a ransomware attack. A company like Nucor can’t afford extended downtime, so it will likely be willing to pay a ransom to get its systems released by the bad guys. Nucor may also have been targeted due to the ongoing trade war between the U.S. and China. China is not above using hackers to disrupt U.S. industry during such trade wars.”
“While not a direct piece of the U.S. infrastructure, Nucor definitely is a major supplier to companies that make up the infrastructure, also making them an attractive target for the bad actors of the world.”
I would be interested in hearing the details of this attack. Hopefully we get those as given the scant level of information, this attack could be bad, or really bad.
Share this:
Like this:
Related
This entry was posted on May 15, 2025 at 1:44 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.