Stryker Cyberattack Disrupts Operations as Pro-Iran Hackers Allegedly Wipe Employee Devices

Medical technology leader Stryker has begun restoring its systems after a cyberattack that reportedly enabled pro-Iranian hackers to remotely erase data from tens of thousands of employee devices.

The incident caused significant operational disruption and is being viewed as potentially the first large-scale cyberattack in the United States linked to tensions surrounding the Donald Trump administration’s conflict with Iran.

In a weekend update, Stryker confirmed that the March 11 breach was limited to its internal Microsoft environment, emphasizing that its internet-connected medical devices are “safe to use.”

Although investigations into the root cause are ongoing, the company stated it has found no evidence of ransomware or malware involvement. However, disruptions to order processing, manufacturing, and shipping operations persist.

A pro-Iran hacking group known as Handala claimed responsibility for the attack, stating it was retaliation for a U.S. airstrike on an Iranian school that reportedly killed at least 175 people, most of them children. The group also defaced Stryker’s login portals with its branding.

According to Bleeping Computer, the attackers may have gained entry through an internal administrator account, granting them extensive access to Stryker’s Windows network. Reports suggest the hackers accessed Microsoft Intune dashboards, a system used to manage employee devices remotely, including the ability to erase data if devices are lost or stolen.

A successful breach of these dashboards would have allowed attackers to remotely wipe both corporate and personal devices without deploying malware.

The Wall Street Journal also reported that Intune systems were a primary target in the attack.

Stryker has not publicly responded to questions regarding the breach, including whether the compromised account was secured with multi-factor authentication.

The initial entry point for the attackers remains unclear. Researchers from Palo Alto Networks suggested phishing could have been used to infiltrate the network. IBM noted that Iran-linked groups like Handala are known for phishing campaigns and destructive cyber operations, particularly targeting healthcare and energy industries. Infostealer malware, which captures login credentials and sensitive data, may also have contributed to the breach.

Stryker employs approximately 56,000 people globally and operates across more than 60 countries, according to Reuters.