Cyber Incident Victim: Nucor Corporation
Date:
May 2025
Location:
United States of America
Summary
Nucor Corporation, the largest steel manufacturer in the United States, experienced a cyber incident that forced operational halts at multiple production facilities. The disruption stemmed from attackers exploiting third-party access pathways, mirroring a broader pattern of targeting industrial organizations through supply chain vulnerabilities. This incident caused significant production slowdowns and operational interruptions, demonstrating how compromised external partners can directly impact physical manufacturing environments. The attack highlighted the convergence of cybersecurity risks and physical safety in industrial settings, where unauthorized access to operational systems can trigger real-world production stoppages comparable to mechanical failures.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In May 2025, unauthorized actors compromised the systems of Nucor Corporation, the largest steel manufacturer in the United States, forcing the company to halt operations at multiple production plants. This incident occurred shortly after a similar breach at medical device manufacturer Masimo, where attackers accessed on-premises systems, delaying medical equipment shipments and slowing production. While the specific entry vector for Nucor’s breach was not detailed in public reports, the timing and nature of both incidents aligned with a broader pattern of cyberattacks targeting industrial organizations through third-party access points. The operational shutdown represented a direct response to contain the incident, though the duration of the disruption and precise number of affected facilities remained unspecified. Manufacturing sector analysts noted this event as part of a surge in ransomware attacks against industrial organizations, with Dragos reporting 657 such incidents in Q2 2025 alone—65% targeting manufacturing firms.
The attack on Nucor demonstrated tangible convergence between cybersecurity compromises and physical operational impacts, extending beyond IT system disruptions to affect factory floor processes. Production lines were halted entirely at compromised facilities, mirroring the consequences observed in the Masimo breach where manufacturing timelines were delayed. No details emerged regarding whether safety interlocks or process logic were manipulated during the incident, though industry observers highlighted that attackers exploiting third-party access could theoretically execute such actions using valid credentials. Nucor’s response focused on containment through operational pauses rather than public disclosures about specific compromised systems or recovery timelines. This incident reinforced cybersecurity trends identified in industrial attacks throughout 2025, where compromised suppliers or service providers enabled threat actors to bypass direct targeting of secured enterprise networks. The operational stoppage underscored the material consequences of cyber-physical system interdependencies in critical manufacturing environments.