Nucor, the largest steel manufacturer in the US, shut down production operations after discovering its servers had been penetrated.
In a Tuesday 8-K filing to America’s Securities and Exchange Commission, the metals magnate said some of its facilities had been shut down while an unnamed third-party security company investigates an attack against “certain information technology systems,” without specifying which ones. Law enforcement has also been called in to help.
“As of the date of this filing and in an abundance of caution, the company temporarily and proactively halted certain production operations at various locations. However, the company is currently in the process of restarting the affected operations,” it wrote in its filing.
The steel shifter acknowledged the cyber-intrusion to The Register, but declined to say which facilities were affected and did not comment on the nature of the attack.
We called Nucor production facilities in Alabama, South Carolina, and Indiana but the phone numbers were either shut down, unobtainable, or the representatives declined to add further information.
Nucor has more than 20 steel mills in the US, as well as many fabrication plants for building materials, tubing, and over 70 metals recycling centers. As such it’s a key part of the US critical infrastructure network, and thus an obvious target for those seeking to infiltrate crucial American systems. But it also makes the corporation a good target for ransomware.
As we’ve seen with the Volt Typhoon campaign, Chinese operatives are keen to establish a foothold in American infrastructure and industry. At last month’s RSA Conference, speakers warned that China could infiltrate computer networks to distract or disrupt Americans during major geopolitical events.
“So it’s very hard to get American people excited about, committed to, or patriotic about, a military crisis in Taiwan if at the same moment your ATM is not working, your power is intermittent, and/or your water system is compromised,” warned retired Rear Admiral Mark Montgomery.
Companies like Nucor are also a prime target for extortionists, since shutting down production is immensely costly and would have knock-on effects down the supply chain. As such, an infrastructure victim might be more motivated to pay up just to get things moving again.
For example, in 2021, the Colonial Pipeline ransomware attack shut down 45 percent of the oil supplies to the US East Coast, prompting panic buying at gas stations when supplies ran short. The pipeline paid the extortionists $5 million in ransom, with its CEO later telling a congressional hearing: “I put the interests of the country first.”
The efforts by criminals to subvert the US critical infrastructure haven’t slacked since. In 2023, it’s estimated 70 percent of industrial ransomware attacks are against manufacturers rather than utilities.
We’ll update this with more information as it comes in. ®
