Particle.news

CISA Urges Companies to Harden Microsoft Intune After Stryker Wipe Attack

The move follows a mass device wipe at a major med‑tech firm that investigators say exploited endpoint management controls.

Overview

  • U.S. cyber authorities issued an alert instructing organizations to tighten Intune and similar endpoint management setups, emphasizing least‑privilege roles, phishing‑resistant MFA, and multi‑admin approval for high‑impact actions such as device wipes.
  • Investigators and published reporting indicate the intruders misused Stryker’s Intune console after compromising administrator access, and new research suggests the credentials were likely harvested from infostealer malware logs.
  • Stryker says the incident is contained and restoration is underway, noting the impact was limited to its Microsoft environment while ordering and shipping remain disrupted and products continue to be safe to use.
  • The Handala hacktivist persona, linked by analysts to Iran’s intelligence apparatus, claimed responsibility for the intrusion and large‑scale data theft, though key elements of those claims have not been independently verified.
  • The FBI and CISA are engaged with the company as part of the investigation, and security firms warn the operation reflects a broader surge in Iran‑aligned disruptive activity targeting private‑sector networks.
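One defensive complement to the least-privilege and multi-admin-approval guidance in the alert is to watch endpoint-management audit logs for a single administrator issuing many wipe commands in a short window. The following is an added example, not code from CISA, Stryker or Microsoft; the record shape and field names are assumptions loosely modelled on Intune audit events, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit records. Field names are an assumption that
# approximates Intune audit events, not the exact Microsoft Graph schema.
SAMPLE_EVENTS = [
    {"time": "2025-03-10T08:00:05Z", "actor": "admin-a@example.com", "operation": "Wipe", "device": "LAPTOP-001"},
    {"time": "2025-03-10T08:00:09Z", "actor": "admin-a@example.com", "operation": "Wipe", "device": "LAPTOP-002"},
    {"time": "2025-03-10T08:00:14Z", "actor": "admin-a@example.com", "operation": "Wipe", "device": "LAPTOP-003"},
    {"time": "2025-03-10T08:00:20Z", "actor": "admin-a@example.com", "operation": "Wipe", "device": "LAPTOP-004"},
    {"time": "2025-03-10T09:15:00Z", "actor": "admin-b@example.com", "operation": "Wipe", "device": "LAPTOP-050"},
    {"time": "2025-03-10T09:20:00Z", "actor": "admin-b@example.com", "operation": "Sync", "device": "LAPTOP-051"},
]

# Destructive operations that should be rare per administrator (assumed labels).
WIPE_OPERATIONS = {"Wipe", "Retire"}


def parse_time(ts):
    """Parse the ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")


def detect_mass_wipe(events, threshold=3, window=timedelta(minutes=10)):
    """Return {actor: peak_count} for actors who issued at least `threshold`
    wipe/retire actions inside any sliding window of length `window`."""
    by_actor = defaultdict(list)
    for event in events:
        if event["operation"] in WIPE_OPERATIONS:
            by_actor[event["actor"]].append(parse_time(event["time"]))

    alerts = {}
    for actor, times in by_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Slide the window start forward until it fits within `window`.
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[actor] = max(alerts.get(actor, 0), count)
    return alerts


if __name__ == "__main__":
    for actor, count in detect_mass_wipe(SAMPLE_EVENTS).items():
        print(f"ALERT: {actor} issued {count} wipe/retire actions within 10 minutes")
```

With the sample data only admin-a trips the threshold; in practice the threshold and window should be tuned to the organisation's normal decommissioning volume, and a match should be compared against the approval records that multi-admin approval produces.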