Threat Intel · HIGH

Stryker Cyberattack - Tens of Thousands of Devices Wiped


In short: a hacktivist group remotely wiped tens of thousands of Stryker devices without deploying any malware.

Quick Summary

A recent cyberattack on Stryker wiped tens of thousands of devices without using malware. The attack, linked to the Handala group, raises serious security concerns. Stryker is working to restore services and ensure product safety.

What Happened

Last week, a significant cyberattack targeted the medical technology giant Stryker. The attack was limited to its internal Microsoft environment, but it had a massive impact, wiping tens of thousands of employee devices. Stryker confirmed that its medical devices remain safe, but its electronic ordering systems are currently offline, forcing customers to place orders manually through sales representatives.

The incident was not a ransomware attack, as no malware was deployed on Stryker’s systems. Instead, the Handala hacktivist group, allegedly linked to Iran, claimed responsibility for the attack. They claimed to have wiped over 200,000 systems and servers while also stealing 50 terabytes of data. However, investigators found no evidence of data exfiltration.

Who's Affected

The attack primarily affected Stryker employees across multiple countries. Many reported that their managed devices were remotely wiped overnight. Some employees lost personal data because their personal devices were enrolled in the company network. This incident has raised concerns about internal security protocols and the potential for future attacks.

Stryker has assured its customers that all products, including connected and life-saving technologies, are safe to use. However, the disruption has caused operational challenges, particularly in processing orders and shipping.

Tactics & Techniques

According to sources familiar with the attack, the threat actor compromised an administrator account and used it to create a new Global Administrator account. With that account they issued the wipe command in Intune, Microsoft’s cloud-based endpoint management service, erasing nearly 80,000 devices in a matter of hours. This method shows that the legitimate remote-wipe capability of an endpoint management platform becomes a mass-destruction tool once a privileged account is compromised, a risk organizations must address.

The investigation is ongoing, with the Microsoft Detection and Response Team (DART) collaborating with cybersecurity experts from Palo Alto Unit 42. Their findings will be crucial in understanding the full scope of the attack and preventing similar incidents in the future.

Defensive Measures

In response to the attack, Stryker is focused on restoring its supply-chain system and resuming normal operations. They are working diligently to ensure that core transactional systems are on a clear path to recovery. Customers are encouraged to maintain communication with company personnel while systems are being restored.

To protect against similar attacks, organizations should review their internal security protocols, particularly around administrative access and endpoint management. Enforcing multi-factor authentication on administrative accounts and regularly auditing administrator accounts and privileged role assignments can help mitigate the risks associated with unauthorized access.
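The attack chain in the Tactics & Techniques section (new Global Administrator, then a burst of Intune wipe commands) and the audit advice above both come down to the same monitoring question: who was just granted top-level privilege, and is any single actor issuing wipes at an abnormal rate? The following Python is an added example, not code from the article or from Microsoft: it runs a simple sliding-window detector over a constructed event sample. The event schema (ts/source/actor/action/role/target) and the action names "Add member to role" and "wipe" are assumed, simplified shapes, not Microsoft's real audit-log export format, so a real deployment would map its own log fields onto them.

```python
"""Detect a newly granted Global Administrator issuing bulk device wipes.
Added example, not the article's or Microsoft's code. Event schema and
action names are assumed, simplified shapes, not the real audit export."""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

GLOBAL_ADMIN = "Global Administrator"


def parse_ts(s):
    """Parse an ISO-8601 UTC timestamp such as 2026-03-10T01:00:00Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_sample_events():
    """Constructed sample: one role grant, one wipe burst, a few benign wipes."""
    base = parse_ts("2026-03-10T01:00:00Z")
    events = [{
        "ts": base, "source": "entra", "actor": "admin.alice@example.com",
        "action": "Add member to role", "role": GLOBAL_ADMIN,
        "target": "svc-newadmin@example.com",
    }]
    # 60 wipes from the new admin, one every two seconds, 15 minutes after the grant
    for i in range(60):
        events.append({"ts": base + timedelta(minutes=15, seconds=2 * i),
                       "source": "intune", "actor": "svc-newadmin@example.com",
                       "action": "wipe", "target": f"DEVICE-{i:04d}"})
    # three helpdesk wipes hours apart: normal offboarding, should not alert
    for i in range(3):
        events.append({"ts": base + timedelta(hours=2 * i + 1),
                       "source": "intune", "actor": "helpdesk.bob@example.com",
                       "action": "wipe", "target": f"LAPTOP-{i:03d}"})
    return events


def new_global_admins(events):
    """Return {new_admin: (grant_ts, granted_by)} for every Global Administrator grant."""
    grants = {}
    for e in events:
        if (e["source"] == "entra" and e["action"] == "Add member to role"
                and e.get("role") == GLOBAL_ADMIN):
            grants[e["target"]] = (e["ts"], e["actor"])
    return grants


def peak_wipes_per_actor(events, window=timedelta(minutes=10)):
    """Largest number of wipes each actor issued inside any sliding window."""
    per_actor = defaultdict(list)
    for e in events:
        if e["source"] == "intune" and e["action"] == "wipe":
            per_actor[e["actor"]].append(e["ts"])
    peaks = {}
    for actor, stamps in per_actor.items():
        stamps.sort()
        best, start = 0, 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1          # slide the window start forward
            best = max(best, end - start + 1)
        peaks[actor] = best
    return peaks


def detect(events, threshold=20, window=timedelta(minutes=10)):
    """Alert on bulk wipers; escalate when the wiper was itself just made Global Admin."""
    grants = new_global_admins(events)
    alerts = []
    for actor, peak in peak_wipes_per_actor(events, window).items():
        if peak < threshold:
            continue
        granted_by = grants[actor][1] if actor in grants else None
        alerts.append({"actor": actor, "peak_wipes": peak,
                       "severity": "CRITICAL" if granted_by else "HIGH",
                       "granted_by": granted_by})
    return sorted(alerts, key=lambda a: a["actor"])


if __name__ == "__main__":
    for alert in detect(build_sample_events()):
        print(alert)
```

The threshold and window are tuning knobs: a helpdesk team legitimately wipes a handful of devices per day, so the point is the rate, not the action itself. The correlation with a fresh Global Administrator grant is what separates an outage from a privilege-abuse incident, which is why that path is scored higher and carries the granting account so the original compromised administrator can be located quickly.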

🔒 Pro insight: This incident underscores the critical need for robust endpoint management security and strict access controls to prevent unauthorized administrative actions.

Original article from BleepingComputer · Ionut Ilascu
