Stryker Says Malicious File Found During Probe Into Iran-Linked Attack

Stryker has confirmed that investigators identified a malicious file used in the March 11 Iran-linked attack claimed by Handala. Evidence suggests the actor likely abused the company’s Microsoft Intune environment to wipe devices, possibly after obtaining credentials via infostealer malware. The company reports no evidence of widespread malware or ransomware affecting customers or partners and says restoration is underway with help from Palo Alto Networks Unit 42 and US agencies. The incident disrupted order processing, manufacturing, and shipping.

Key points

  • Stryker identified a malicious file used in the March 11 attack claimed by Handala.
  • Investigators found no evidence that ransomware or widespread malware was deployed across Stryker’s systems.
  • Evidence points to abuse of Microsoft Intune and possible use of credentials obtained via infostealer malware.
  • The incident disrupted order processing, manufacturing, and shipping, and Stryker reports meaningful progress restoring impacted systems.
  • Palo Alto Networks Unit 42 and US agencies, including the FBI, are involved in the investigation and have linked Handala to Iran’s MOIS.

Read More: https://www.securityweek.com/stryker-says-malicious-file-found-during-probe-into-iran-linked-attack/