Federal cybersecurity agencies urged organizations to harden Microsoft Intune deployments after an alleged Iran-linked cyberattack wiped more than 200,000 devices at medical device firm Stryker. CISA and the FBI advised using role-based access, multi-factor authentication, Microsoft Entra ID, and dual-admin approval policies while federal authorities disrupted the Handala group's infrastructure. #Stryker #Intune #Handala
Keypoints
- CISA and the FBI confirmed they are responding to the attack on Stryker that wiped company devices.
- Attackers exploited legitimate access to Microsoft Intune to perform the device wipes rather than using malware.
- Agencies recommend enforcing role-based access control, multi-factor authentication, and Microsoft Entra ID for Intune accounts.
- CISA advised implementing dual-administrator approval for sensitive actions and following Microsoft's hardening guidance.
- Federal authorities seized a Handala-linked website and are coordinating with partners to identify further threats.
Read More: https://therecord.media/fbi-cisa-warn-of-microsoft-intune-risks-stryker