Big Steelmaker Halts Operations After Cyber Incident - Dark Reading

Threat IntelligenceICS/OT SecurityVulnerabilities & ThreatsCyberattacks & Data BreachesNewsBig Steelmaker Halts Operations After Cyber IncidentNucor made it clear its investigation is still in the early stages and didn't specify the nature or scope of the breach, nor who the threat actor might be.Kristina Beek,Associate Editor,Dark ReadingMay 15, 20251 Min ReadSource: Bernhard Classen via Alamy Stock PhotoNEWS BRIEFNucor, a North Carolina-based steel manufacturer, has paused production after discovering a server breach.According to the 8-K form the company filed this week, an unauthorized third party accessed the steelmaker's IT systems. After discovering the cyber incident, Nucor activated its incident response plan and took potentially affected systems offline.The company has since launched an investigation alongside third-party cybersecurity experts and notified federal law enforcement.Nucor didn't specify which facilities were affected or the nature of the attack, but as a manufacturer, the company is considered part of US critical infrastructure. It has reported net sales of $7.83 billion in the first quarter of 2025 and employs roughly 25,000 people, making it an attractive target for threat groups.It's unclear how the disruption will affect Nucor's business. However, the company noted in its 8-K filing that it's "currently in the process of restarting the affected operations."There is also no word as to who the threat actor is, though likely threat groups in the realm of critical infrastructure attacks continue to be Salt Typhoon and Volt Typhoon.The Cybersecurity and Infrastructure Security Agency (CISA) also continues to warn the public, along with the FBI, Environmental Protection Agency, and the Department of Energy of cyber incidents affecting the operational technology and industrial control systems of critical infrastructure entities in the US.Read more about:News BriefsAbout the AuthorKristina BeekAssociate Editor, Dark ReadingKristina Beek is an associate editor at Dark Reading, where she covers a wide range of cybersecurity topics and spearheads video-related content. She is the creator and host of the Heard It From a CISO video series, where she interviews CISOs, directors, and other industry strategists to provide insights into the ever-evolving cybersecurity landscape. In addition to her editorial work, Kristina manages Dark Reading's social media channels and contributes to the platform's video coverage.Kristina graduated from North Carolina State University in 2021 with a degree in Political Science, concentrating in law and justice, and a minor in English. During her time at NC State, she honed her writing skills by contributing opinion pieces to the university's newspaper. After graduation, she began her career as a content editor before joining Dark Reading.Currently based in Washington, DC, you can find Kristina reading, taking walks in Georgetown, and wandering the museums surrounding the National Mall.See more from Kristina BeekMore InsightsIndustry ReportsFrost Radar™: Non-human Identity Solutions2026 CISO AI Risk ReportThe ROI of AI in SecurityCybersecurity Forecast 2026ThreatLabz 2025 Ransomware ReportAccess More ResearchWebinarsBuilding a Robust SOC in a Post-AI WorldRetail Security: Protecting Customer Data and Payment SystemsRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedSecuring Remote and Hybrid Work Forecast: Beyond the VPNAI-Powered Threat Detection: Beyond Traditional Security ModelsMore WebinarsEditor's ChoiceCybersecurity OperationsWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallWhy Stryker's Outage Is a Disaster Recovery Wake-Up CallbyJai VijayanMar 12, 20265 Min ReadWant more Dark Reading stories in your Google search results?2026 Security Trends & OutlooksThreat IntelligenceCybersecurity Predictions for 2026: Navigating the Future of Digital ThreatsJan 2, 2026Cyber RiskNavigating Privacy and Cybersecurity Laws in 2026 Will Prove DifficultJan 12, 2026|7 Min ReadEndpoint SecurityCISOs Face a Tighter Insurance Market in 2026Jan 5, 2026|7 Min ReadThreat Intelligence2026: The Year Agentic AI Becomes the Attack-Surface Poster ChildJan 30, 2026|8 Min ReadDownload the CollectionKeep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.SubscribeWebinarsBuilding a Robust SOC in a Post-AI WorldThurs, March 19, 2026 at 1pm ESTRetail Security: Protecting Customer Data and Payment SystemsThurs, April 2, 2026 at 1pm ESTRethinking SSE: When Unified SASE Delivers the Flexibility Enterprises NeedWed, April 1, 2026 at 1pm ESTSecuring Remote and Hybrid Work Forecast: Beyond the VPNTues, March 10, 2026 at 1pm ESTAI-Powered Threat Detection: Beyond Traditional Security ModelsWed, March 25, 2026 at 1pm ESTMore WebinarsWhite PapersAutonomous Pentesting at Machine Speed, Without False PositivesFixing Organizations' Identity Security PostureBest practices for incident response planningIndustry Report: AI, SOC, and Modernizing CybersecurityThe Threat Prevention Buyer's Guide: Find the best AI-driven threat protection solution to stop file-based attacks.Explore More White PapersGISEC GLOBAL 2026GISEC GLOBAL is the most influential and the largest cybersecurity gathering in the Middle East & Africa, uniting global CISOs, government leaders, technology buyers, and ethical hackers for three power-packed days of innovation, strategy, and live cyber drills.📌 Book Your Space