On March 11, Stryker suffered a global destructive cyberattack that defaced Microsoft login screens with the Handala logo and remotely wiped managed devices instead of deploying ransomware. The attack leveraged admin access to Microsoft Intune and caused outages across 79 countries, with alleged exfiltration of 50 TB and claims of over 200,000 wiped endpoints. It has been attributed to Handala/Void Manticore, which is linked to Iran's MOIS.
Key points
- Stryker's global Microsoft environment was disrupted, with employees finding defaced login screens and many managed devices remotely wiped.
- Attackers claimed to have wiped more than 200,000 systems and exfiltrated roughly 50 terabytes of data.
- The intrusion exploited admin-level access to Microsoft Intune, allowing remote wipe commands to enrolled endpoints.
- Threat intelligence links the Handala persona to Void Manticore and Iran's Ministry of Intelligence and Security (MOIS).
- The incident forced Stryker to suspend operations across 79 countries and impacted ordering, device management, and communications.
Read More: https://thecyberexpress.com/who-is-handala-hackers-in-stryker-cyberattack/