Overview
- Stryker said it is fully operational, with production moving toward peak capacity and commercial, ordering and distribution systems back online.
- The wiper attack disrupted order processing, manufacturing and shipping, and the Handala group claimed large data theft and mass device wipes, claims that observers have questioned.
- Investigators found a malicious file that hid intruder activity, and the attackers created a new Global Administrator after taking over a Windows domain admin account.
- CISA and Microsoft issued guidance to secure Intune and harden Windows domains to reduce the chance that management tools get abused for mass wipes.
- U.S. pressure on Handala increased, with the FBI seizing group-linked websites and the State Department offering a reward for information on the hackers.