CISA warned U.S. organizations to harden Microsoft Intune after a March 11 attack abused the platform to steal data and remotely wipe nearly 80,000 Stryker devices. Microsoft published hardening guidance, and CISA urged least-privilege RBAC, Microsoft Entra ID controls, enforced MFA, and multi-admin approval to prevent similar attacks; the Handala group claimed responsibility. #Stryker #MicrosoftIntune #Handala #MicrosoftEntraID
Keypoints
- The March 11 attack used a newly created Global Administrator account to perform a mass wipe via Intune.
- Attackers claim to have stolen 50 terabytes of data before executing the wipe on Stryker systems.
- CISA urged U.S. organizations to harden endpoint management configurations and follow Microsoft's guidance.
- Key defenses include least-privilege RBAC, Microsoft Entra ID controls, mandatory MFA, and multi-admin approval for sensitive actions.
- Handala, linked to Iran's MOIS, is known for wiper operations and data theft from targeted organizations.
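The detection side of these key points: the attack chained a freshly created Global Administrator account with a mass wipe issued through Intune. The following Python is an added example, not code from CISA, Microsoft, Stryker or the original article. It correlates a recent Global Administrator grant in Entra ID audit records with a burst of Intune wipe actions by the same principal. The record layout, field names, the `contoso.example` accounts and the thresholds (a 7-day "fresh admin" window, 5 wipes in 10 minutes) are constructed assumptions, simplified from the real audit schemas.

```python
"""Correlate a freshly granted Global Administrator role with a burst of
Intune remote-wipe actions by the same principal.

Added example. The records below are constructed and simplified; real
Entra ID directory audits and Intune audit events carry more fields.
"""
from collections import defaultdict
from datetime import datetime, timedelta

GLOBAL_ADMIN = "Global Administrator"
WIPE_ACTION = "wipe ManagedDevice"

# Constructed Entra ID audit records (hypothetical contoso.example tenant).
ENTRA_AUDIT = [
    {"time": "2026-03-11T01:02:00Z", "activity": "Add user",
     "actor": "attacker@contoso.example", "target": "svc-mdm@contoso.example"},
    {"time": "2026-03-11T01:03:10Z", "activity": "Add member to role",
     "actor": "attacker@contoso.example", "target": "svc-mdm@contoso.example",
     "role": GLOBAL_ADMIN},
    # Legitimate, long-standing admin: role granted months earlier.
    {"time": "2025-11-02T09:00:00Z", "activity": "Add member to role",
     "actor": "it-admin@contoso.example", "target": "alice@contoso.example",
     "role": GLOBAL_ADMIN},
]

# Constructed Intune audit records: 25 wipes in 25 seconds from the new
# account, plus one routine wipe of a lost laptop by an established admin.
INTUNE_AUDIT = [
    {"time": f"2026-03-11T01:10:{i:02d}Z", "actor": "svc-mdm@contoso.example",
     "action": WIPE_ACTION, "device": f"LAPTOP-{i:04d}"}
    for i in range(25)
] + [
    {"time": "2026-03-11T08:00:00Z", "actor": "alice@contoso.example",
     "action": WIPE_ACTION, "device": "LAPTOP-LOST"},
]


def parse_ts(s):
    """ISO-8601 with trailing Z -> aware datetime (works before Python 3.11)."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def recent_global_admins(entra, now, max_age):
    """Map principal -> (granted_at, granted_by) for Global Administrator
    grants that happened within max_age of now."""
    fresh = {}
    for r in entra:
        if r["activity"] != "Add member to role" or r.get("role") != GLOBAL_ADMIN:
            continue
        granted = parse_ts(r["time"])
        if timedelta(0) <= now - granted <= max_age:
            fresh[r["target"]] = (granted, r["actor"])
    return fresh


def wipe_bursts(intune, threshold, window):
    """Map actor -> largest number of wipes that actor issued inside any
    sliding window of length `window`, keeping only actors at or above threshold."""
    by_actor = defaultdict(list)
    for r in intune:
        if r["action"] == WIPE_ACTION:
            by_actor[r["actor"]].append(parse_ts(r["time"]))
    bursts = {}
    for actor, times in by_actor.items():
        times.sort()
        start, best = 0, 0
        for end, t in enumerate(times):
            while t - times[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            bursts[actor] = best
    return bursts


def correlate(entra, intune, now, max_age=timedelta(days=7),
              threshold=5, window=timedelta(minutes=10)):
    """Alert when a principal whose Global Administrator role is younger than
    max_age issues a wipe burst. Thresholds are illustrative assumptions."""
    fresh = recent_global_admins(entra, now, max_age)
    alerts = []
    for actor, count in wipe_bursts(intune, threshold, window).items():
        if actor in fresh:
            granted_at, granted_by = fresh[actor]
            alerts.append({"actor": actor, "wipes": count,
                           "role_granted_at": granted_at.isoformat(),
                           "role_granted_by": granted_by})
    return alerts


def run_demo():
    """Evaluate the constructed records as of 02:00 UTC on the attack day."""
    return correlate(ENTRA_AUDIT, INTUNE_AUDIT, parse_ts("2026-03-11T02:00:00Z"))


if __name__ == "__main__":
    for alert in run_demo():
        print(alert)
```

On the constructed data the only alert is for `svc-mdm@contoso.example`: 25 wipes, role granted less than an hour earlier by `attacker@contoso.example`; the long-standing admin's single lost-laptop wipe is not flagged. In a live tenant the inputs would come from the Microsoft Graph directory audit and Intune audit event feeds, whose field names differ from this simplified layout, and the thresholds should be tuned to the tenant's normal wipe volume. The correlation complements the controls CISA lists rather than replacing them: multi-admin approval stops the wipe before it executes, while this logic only tells you it happened.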