Stryker says it is fully operational three weeks after a cyberattack, claimed by the Iranian-linked Handala group, that stole roughly 50 terabytes of data and wiped nearly 80,000 devices after compromising a Windows domain admin and creating a Global Administrator account. CISA and Microsoft issued guidance to secure Intune and harden Windows domains, and the FBI seized two Handala websites. Investigators found a stealthy malicious file used to hide activity, and Stryker reports production moving rapidly toward full capacity.
Key points
- Attackers claimed to have stolen about 50 TB of data and wiped nearly 80,000 devices.
- The breach involved compromising a Windows domain admin and creating a new Global Administrator account.
- Stryker restored critical systems and reports global manufacturing is fully operational with production nearing peak capacity.
- Investigators found a malicious file used to conceal attacker activity inside Stryker’s network.
- CISA and Microsoft released guidance to harden Intune and Windows domains, and the FBI seized two Handala websites.