Particle.news

U.S. Warns on Intune Security After Stryker Hack as Surgeries Are Delayed

Investigators say attackers misused Microsoft Intune’s wipe controls through administrative access.

Overview

  • CISA issued guidance to harden endpoint management and highlighted Intune safeguards like least‑privilege roles, phishing‑resistant multifactor authentication, and multi‑admin approval for high‑impact actions.
  • Stryker says the intrusion is contained and it is restoring Microsoft systems, but ordering, manufacturing and shipping remain disrupted and some patient‑specific procedures were rescheduled.
  • Reporting points to a compromised Intune administrator account and creation of a new global admin used to mass‑wipe managed devices without deploying malware.
  • Hudson Rock’s Alon Gal linked the breach to credentials harvested by infostealer malware, though Stryker has not detailed the initial access.
  • The Iran‑linked group Handala claimed responsibility and boasted of large data theft and device wipes, claims that remain unverified as the FBI and Justice Department seized related websites.