U.S. steel manufacturer Nucor Corporation said a cyber attack involving unauthorized access forced it to shut down certain IT systems, disrupting production at various facilities.
Charlotte, North Carolina-based Nucor is the largest U.S. steelmaker with over 20 steel mills, 70 metals recycling centers, and numerous fabrication facilities. It employs over 32,000 people in North America and reported $7.83 billion in the first quarter of 2025.
“Nucor Corporation recently identified a cybersecurity incident involving unauthorized third party access to certain information technology systems used by the Company,” the company stated in an SEC filing.
It responded by shutting down systems to contain the incident and prevent further intrusion or entrenchment in its IT infrastructure.
U.S. steel manufacturer Nucor responds to a cyber attack
The steel manufacturer said it took immediate steps to contain the intrusion, including activating cyber incident protocols and proactively shutting down the systems impacted by the cyber attack.
It also launched an investigation with third-party cyber forensics to determine the nature and scope of the incident and notified relevant law enforcement. Efforts to restore impacted systems to resume normal operations are ongoing.
“As of the date of this filing and in an abundance of caution, the Company temporarily and proactively halted certain production operations at various locations. However, the Company is currently in the process of restarting the affected operations,” said Nucor.
Nucor has not disclosed the threat actor’s identity or the attack vector exploited during the cyber attack. However, the incident bears all the hallmarks of a politically motivated attack, coming after President Donald Trump announced blanket aluminum and steel tariffs on all countries to prop up the U.S. manufacturing industries.
“Nucor may also have been targeted due to the ongoing trade war between the U.S. and China. China is not above using hackers to disrupt U.S. industry during such trade wars,” said Chris Hauk, Consumer Privacy Champion at Pixel Privacy.
Supply chain disruption due to cyber attacks
Chinese state-linked hackers have for years infiltrated U.S. critical infrastructure in preparation for disruptive cyber attacks in the case of a major global geopolitical event. Trump’s tariffs sent shockwaves across the entire world economic system.
While China’s direct steel shipments to the United States accounted for less than 1% of its total steel exports, transshipments through third countries like Vietnam, Mexico, and Brazil account for 8% of its total steel exports, thus making Trump’s blanket tariffs devastating to the country’s economy.
Consequently, disrupting the largest U.S. steel manufacturer could signal that the United States is not ready to depend solely on domestic production, thus undermining Trump’s tariffs.
Coincidentally, Nucor is also the primary supplier of rebar, the reinforcement steel bars used in skyscrapers, roads, and bridges.
Consequently, supply disruption of these building components could significantly affect critical projects and increase prices, causing public outcry, which is typically the motive behind politically motivated cyber attacks.
“The Nucor situation represents yet another concerning example of critical infrastructure disruption due to a cyber incident,” noted Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “While their response in the SEC filing offers very little by way of details, the incident highlights the persistent vulnerability of manufacturing environments to both nation-state actors and criminal enterprises.”
“Disruption in steel production can ripple through supply chains, affecting construction, automotive, and manufacturing sectors,” added Aditya Sood, VP of Security Engineering and AI Strategy at Aryaka.
However, no evidence suggests that China or other geopolitical and economic rivals were responsible for the cyber attack on the largest U.S. steel manufacturer, or that the attack was politically motivated.
Financially motivated threat actors have also frequently targeted U.S. critical infrastructure, including manufacturers, for huge ransom payouts.
“The economic impact for such victims is particularly challenging,” added Malik. “When production stoppages create immediate financial impact and supply chain disruptions, the pressure to resolve quickly—potentially through ransom payment—becomes intense, as demonstrated by the Colonial Pipeline incident.”
So far, no cybercrime group has claimed responsibility for the Nucor cyber attack, and the steel manufacturer has yet to disclose the nature of the incident, including whether ransomware was involved.
The steel manufacturer is also still assessing the material impact of the cyber attack on its production and financial condition.
“As the investigation of the incident is ongoing, the Company will continue to monitor the timing and materiality of the incident,” it stated.

