A recent amendment to an 8-K form filed in May by Charlotte, North Carolina-based Nucor Corporation confirmed that America’s largest steel producer suffered a “cybersecurity incident affecting certain information technology systems.” The filing with the Securities and Exchange Commission (SEC) confirmed that attackers stole data from its systems.
The incident led Nucor, which produces approximately one-quarter of the country’s raw steel, to temporarily halt production at some of its facilities out of an “abundance of caution.” The initial 8-K filing stated that Nucor responded to the attack by initiating its incident response plan and taking potentially affected systems offline. The company also notified authorities and employed the help of third-party cybersecurity experts.
In the June 20 filing, the company confirmed that attackers were able to infiltrate some IT systems, impacting access and stealing “limited” amounts of data. As part of its ongoing investigations, Nucor has stated that the threat actor, which has yet to be identified, no longer has access to its systems, and that internal access has been restored.
It’s unusual for such a high-profile hack to go unclaimed, especially if it were a ransomware attack. However, this incident highlights the ongoing battle facing manufacturers and critical infrastructure operations that are being targeted more frequently by state-sponsored hacking organizations.
Nozomi Networks’ Chris Grove offered the following commentary on the hack.
“Although detailed public information is limited, this incident has similarities to the Colonial Pipeline event, where operational technology (OT) systems were shut down out of precaution following an information technology (IT) breach.
“Some may wonder why an IT breach necessitates shutting down OT systems. In today’s industrial environments, IT systems often directly influence operational processes. For instance, in a pipeline, while OT systems physically control valves, IT systems handle their scheduling. Thus, even if valves are secure, compromised scheduling systems can halt operations.
“During cyber incidents, organizations face significant challenges: identifying the initial breach source, tracking attacker lateral movements, assessing operational impacts, and executing an effective incident response. Successful responses rely on detailed forensic data across diverse technologies, from Windows endpoints and network equipment to industrial control systems. Organizations invest heavily in cybersecurity infrastructure precisely for incidents like these: when their solutions and procedures face critical tests.”