Steelmaker Nucor Hacked – Attackers Gained Unauthorized Access to IT Systems

Summary
1. A leading U.S. steelmaker suffered a cyberattack in which hackers gained unauthorized access to its computer systems on May 13, 2025.
2. The company proactively shut down production operations at multiple steel manufacturing facilities as a safety measure.
3. The company describes the volume of compromised data as "limited" and is still reviewing what information was stolen.
4. All production facilities have resumed normal operations, and the hackers no longer have access to company systems.

Charlotte-based steel giant Nucor Corporation disclosed a significant cybersecurity incident where threat actors gained unauthorized access to the company’s information technology infrastructure. 

The breach prompted temporary production shutdowns across multiple facilities as the company implemented emergency containment protocols and engaged federal law enforcement authorities to investigate the intrusion.

According to the SEC filing report, Nucor’s cybersecurity team detected unauthorized access to critical IT systems that support operational functions across the company’s steel manufacturing facilities. 

The threat actors successfully penetrated the company’s network perimeter and maintained persistence within the compromised infrastructure, forcing Nucor to activate its formal incident response plan immediately upon discovery.

Steelmaker Nucor Hacked

The company proactively implemented network segmentation procedures and took potentially affected systems offline to prevent lateral movement by the attackers. 

This defensive measure resulted in temporary limitations to information technology applications that support manufacturing operations, compelling management to halt production activities at various locations as a precautionary measure. 

The disruption affected multiple facilities within Nucor’s nationwide network of steel production plants.

Nucor’s comprehensive forensic analysis, conducted in partnership with leading external cybersecurity specialists, confirmed that the threat actors successfully exfiltrated limited datasets from the company’s information technology systems during the breach period. 

The investigation revealed evidence of data extraction activities, though the company characterized the volume of compromised information as “limited” in scope.

The stolen data is currently undergoing detailed review and classification to determine the specific types of information accessed by the attackers. 

Nucor indicated it will provide appropriate notifications to potentially affected parties and regulatory agencies in compliance with applicable data breach notification statutes and industry-specific cybersecurity regulations. 

The company’s investigation team continues analyzing system logs and network traffic patterns to establish a complete timeline of the attackers’ activities within the compromised environment.

Mitigations

Since the initial Form 8-K filing, Nucor has successfully restored all affected production operations and reestablished access to critical information technology applications required for normal business functions. 

The company’s cybersecurity team, working alongside external incident response specialists, implemented additional security controls and network hardening measures to prevent future unauthorized access attempts.

Federal law enforcement authorities remain actively involved in the investigation, with Nucor providing full cooperation to support the criminal inquiry into the cyberattack. 

The company confirmed that threat actors no longer maintain access to its information technology systems following the comprehensive remediation activities.

Despite the operational disruptions and security breach, Nucor’s management assessment indicates the incident has not materially impacted the company’s financial condition or operational capabilities.


The post Steelmaker Nucor Hacked – Attackers Gained Unauthorized Access to IT Systems appeared first on Cyber Security News.