Stryker Identifies Malicious File in Cyberattack, Says Incident Is Contained
The finding points to a stealthy intrusion that investigators say did not reach customer or partner systems.
Overview
- Stryker, which shared a new update Monday, said investigators found a malicious file that let the intruder run commands and hide activity inside its Microsoft-based environment.
- The company said the file could not spread within or outside its network and reported that it removed the unauthorized user from its systems.
- A letter from Palo Alto Networks Unit 42 dated March 20 reported no evidence of access to customer, supplier, vendor, or partner systems and no ongoing unauthorized activity after March 11.
- Recovery teams are rebuilding affected systems from backups, isolating them to prevent re-entry, and restoring operations, with manufacturing ramping up and ordering and shipping brought back online.
- Security researchers say the likely path was abuse of Microsoft Intune, a tool for remotely managing company devices, while the US has linked the claiming group Handala to Iran’s intelligence service and seized some of its websites.