Stryker says malware was involved in recent cyberattack as production lines reopen

Stryker is ramping up production two weeks after alleged Iranian cyber actors used Microsoft Intune’s device-wipe feature to destroy data on more than 200,000 employee devices, prompting system rebuilds and isolation of unrecovered machines. Palo Alto Networks Unit 42 confirmed the attackers were removed and found no evidence of active unauthorized access to customer systems. Stryker is prioritizing restoration of customer-facing operations.

Key points

  • Attackers allegedly used Microsoft Intune’s device-wipe feature to erase data on over 200,000 Stryker devices.
  • Palo Alto Networks Unit 42 confirmed the intruders were removed and found no evidence of customer-system compromise.
  • Stryker is rebuilding wiped systems or restoring them from backups that predate the compromise, isolating unrecovered systems, and prioritizing customer-facing systems.
  • A Justice Department affidavit said the attack disrupted emergency care in Maryland, causing some hospitals to suspend connections and leading to canceled surgeries due to implant shortages.
  • Unit 42 identified a malicious file used to hide attacker activity but determined it could not spread, and Stryker reports no malicious activity directed at customers, suppliers, vendors, or partners.

Read More: https://therecord.media/stryker-cyberattack-malware-iran