Stryker attack wiped tens of thousands of devices, no malware needed

Stryker experienced a cyberattack limited to its internal Microsoft environment that remotely wiped tens of thousands of employee devices; the company confirms all medical products remain safe to use. The incident was claimed by the Iran-linked hacktivist group Handala, which allegedly used compromised admin credentials to create a Global Administrator and issue an Intune wipe affecting ~80,000 devices. Investigators found no confirmed ransomware deployment or data exfiltration.

Key points

  • The attack was confined to Stryker’s internal Microsoft corporate environment and did not impact medical devices.
  • Handala claimed responsibility and alleged large-scale wiping and data theft, but investigators found no evidence of exfiltration.
  • The attacker compromised an admin account, created a Global Administrator, and used Intune’s wipe command to erase nearly 80,000 devices.
  • Electronic ordering systems remain offline, requiring customers to place orders manually through sales representatives.
  • Microsoft DART and Palo Alto Unit 42 are investigating while Stryker focuses on restoring supply-chain and transactional services.
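
The sequence in the key points (a new Global Administrator, then a mass Intune wipe) can be watched for in audit data. The following is an added detection sketch, not code from the article, Stryker, or Microsoft; the event schema, account names, timestamps, and thresholds are constructed assumptions to be mapped onto your own directory and device-management audit logs.

```python
from collections import defaultdict
from datetime import datetime, timedelta

PRIVILEGED_ROLE = "Global Administrator"

def sample_events():
    """Constructed events in a simplified, hypothetical schema (not a real export format)."""
    base = datetime(2026, 1, 10, 2, 0)
    events = [{"time": base, "actor": "admin-a", "action": "role_assigned",
               "target": "svc-new", "role": PRIVILEGED_ROLE}]
    # Newly privileged account wipes 40 devices within seconds of each other.
    events += [{"time": base + timedelta(minutes=5, seconds=i), "actor": "svc-new",
                "action": "device_wipe", "target": f"dev-{i:03d}"} for i in range(40)]
    # Routine helpdesk activity: a few wipes spread over hours.
    events += [{"time": base + timedelta(hours=h), "actor": "helpdesk-1",
                "action": "device_wipe", "target": f"lost-{h}"} for h in range(3)]
    return events

def find_wipe_bursts(events, threshold=25, burst_window=timedelta(minutes=10),
                     role_window=timedelta(hours=24)):
    """Flag actors issuing >= threshold wipes inside burst_window, and mark
    those who received the privileged role within role_window beforehand."""
    granted = {}                # account -> time it was granted the privileged role
    recent = defaultdict(list)  # actor -> wipe times still inside the sliding window
    alerts = {}
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["action"] == "role_assigned" and e.get("role") == PRIVILEGED_ROLE:
            granted[e["target"]] = e["time"]
        elif e["action"] == "device_wipe":
            window = recent[e["actor"]]
            window.append(e["time"])
            while window[0] < e["time"] - burst_window:
                window.pop(0)   # drop wipes older than the sliding window
            if len(window) >= threshold and e["actor"] not in alerts:
                grant = granted.get(e["actor"])
                alerts[e["actor"]] = {
                    "actor": e["actor"],
                    "first_wipe": window[0],
                    "wipes_in_window": len(window),
                    "newly_privileged": grant is not None
                                        and e["time"] - grant <= role_window,
                }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_wipe_bursts(sample_events()):
        print(alert)
```

An alert with `newly_privileged` set is the combination worth paging on; a burst from a long-standing admin still merits review, since wipe commands are rarely issued in bulk.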

Read More: https://www.bleepingcomputer.com/news/security/stryker-attack-wiped-tens-of-thousands-of-devices-no-malware-needed/