Global steel manufacturer Nippon Steel reveals it was the victim of a recent zero-day attack, and the hackers responsible may have leaked the stolen data of tens of thousands of business partners, customers, and employees combined.
-
Nippon Steel announces it was hit by a zero-day attack in March.
-
Hundreds of global business partners, over 100,000 employees, and an undisclosed number of customers data was accessed.
-
The steel manufacturing giant was claimed by the BianLian ransomware group earlier this year, although its not known of the incidents are connected.
Nippon Steel, the fourth largest crude steel producer, posted a notice announcing the March 7th attack on its website earlier this week, “deeply apologizing” for the security breach.
This is the second attack the company has suffered in 2025; the first was an alleged ransomware attack that took place back in February. It not claer if there is any connection between the two attacks.
“We have recently discovered that our company's internal network was subject to unauthorized access (zero-day attack) due to a software vulnerability,” the Tokyo-based company wrote, translated from Japanese.
The world’s fourth-largest crude steel producer then revealed that “the personal information of our customers, partners, and employees may have been leaked to the outside,” including both past and present affiliations with the company.
The company said that none of the cloud services it provides to customers have been impacted by the “zero-day attack on network equipment.”
Once the “suspicious activity” was detected, Nippon Steel said it was able to isolate the affected server and mitigate the damage with the help of outside cybersecurity experts.
Limited data accessed
Nippon Steel deals has hundreds of business partnerships worldwide, including 316 consolidated subsidiaries and 96 equity method affiliates, and lists over 113,000 employees worldwide, according to its website.
Business segments and industry sectors include engineering and construction, chemicals and materials, IT system solutions, research and development, automotive, appliances, and medical care.
The publicly traded Fortune 500 company has manufacturing bases and offices in over a dozen countries across Asia, North, Central, and South America, Europe, the Middle East, and Africa, as well as 10 branches in Japan.
Although the announcement did not specify the amount of data accessed or how many customers, partners, and employees may have been exposed, the data appears to be limited in scope.
The company confirmed the specific data accessed for each group as follows.
-
Nippon Steel Customers:
- Name, company name, affiliation, job title, company address, business email address, and phone number
-
Nippon Steel Business Partners:
- Name, business email address (our company domain address provided by our company)
-
Nippon Steel employees:
- Name, department, position, business email address
The steel manufacturing giant said there was currently no evidence that the information has been spread or circulated on social media or the dark web, but still warned those affected to be wary of suspicious phone calls or emails that could be part of targeted phishing attacks.
Second cyberattack this year
This is the second cyber incident Nippon Steel has suffered this year.
In February, the BianLian ransomware gang claimed it had successfully exfiltrated 500 GB of data from Nippon’s US division networks.
In that attack, the personal contact information to the company's C-suite executives, including Nippon Steel’s CEO and Chairman Eiji Hashimoto and President Hiroshi Moto was also stolen.
Other information purportedly taken by the ransom group included accounting and client financial data, file server data, and production data.
What makes that attack interesting to note is that Nippon Steel appeared on BianLian’s ransomware leak blog for a short time, but was then dissapeared, leading to speculation that the company had paid a ransom demand to the gang.
It's not uncommon for ransomware gangs to carry out what is called “double extortion” on its victims, meaning the ransomware group will ask a victim to pay to get their data back, but then either secretly keep a copy of the data or even stay hidden in the victim’s system to launch a second ransom attack.
In the July 8th notice the company said it is taking extra security measures to prevent a recurrence, including the “reconstruction of devices that were illegally accessed and strengthening exit measures and behavior detection.”
Each of Nippon Steel's business partners has already been contacted, and the company said it is currently in the process of contacting compromised employees and customers, with some notices still yet to go out.
On June 18th, Nippon Steel finally completed a years-long controversial takeover deal of the US Steel company. Ironically the deal had been put on hold in January, just weeks before the first ransomware attack made headlines.
Your email address will not be published. Required fields are markedmarked