A threat actor claims to have breached the servers of Cooper Steel Fabricators, a prominent Tier-1 structural steel fabricator based in the United States. The company, known for being AISC-certified and a direct contractor for major entities, allegedly suffered a direct server breach resulting in the exfiltration of a substantial dataset.
The actor has listed a “complete mirror” of the company’s FTP server for sale, demanding a payment of $28,500 USD in cryptocurrency (XMR or BTC). The listing asserts that the breach comprises exactly 330 GB of data with no deletions or extraneous files.
According to the actor, the compromised data includes highly detailed technical documents and proprietary project information. The allegedly compromised data includes:
-
Project ROCKY (Job 3325): Full Tekla Structures 2025 models, including heavy moment frames, shop and erection drawings, and SLAM Platform packages.
-
Publix Greensboro Refrigerated Distribution Center (Job 02 WH): Complete coordinated sets of architectural, structural, mechanical, and refrigeration piping drawings.
-
Amazon Data Center CMH5 (Job 3114): Project details potentially including structural specifications for hyperscale data center operations.
-
Additional Project Files: Drawings and data related to Walmart distribution centers, cold storage facilities, and other supporting structures.
-
Technical Specifications: PE-stamped drawings, 3D models, and precise camber tables.












