- Handala hackers hit Stryker via compromised Intune admin
- Tens of thousands of devices wiped, but no data theft confirmed
- Medical products remain safe; electronic ordering is offline, so orders are manual only
When cybercriminals attacked Stryker last week and wiped tens of thousands of electronic devices, they did so without using malware. Instead, they used Intune, Microsoft’s cloud-based endpoint management service, according to sources.
Last week, a hacker collective calling itself Handala (AKA HAtef, Hamsa) said it had broken into Stryker, a Fortune 500 healthcare company with annual revenue in the tens of billions. They claimed to have stolen 50 terabytes of data and wiped “tens of thousands of systems and servers across the company’s network.”
“During this operation, more than 200,000 systems, servers and mobile devices were wiped and 50 terabytes of critical data were extracted,” the attackers reportedly said at the time. “Stryker offices in 79 countries have been forced to close their doors.”
Abusing Intune
Stryker quickly confirmed the reports with an 8-K filing. Several employees also confirmed that their electronic devices had been wiped overnight.
Then, a “source close to the attack” told BeepComputer that Handala managed to compromise an Intune administrator account and used it to create a new global administrator account. With that master account, they issued the wipe command, wiping data from nearly 80,000 devices in a matter of hours. Investigators also disputed Handala’s claims about data exfiltration, saying they found no evidence that any data was taken.
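For defenders, the sequence described above (a new global administrator appears, then that account issues a burst of wipe commands) can be expressed as a correlation rule. The sketch below is an added example, not code from Stryker, Microsoft or the original report; the event schema, account names, timestamps and thresholds are all constructed assumptions, and real audit logs would first have to be mapped into this shape.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema.
START = datetime(2026, 1, 1, 1, 10)
EVENTS = [
    {"time": "2026-01-01T01:00:00", "actor": "intune-admin", "action": "role_assigned",
     "target": "new-admin", "role": "Global Administrator"},
    {"time": "2026-01-01T00:30:00", "actor": "helpdesk", "action": "device_wipe"},
    {"time": "2026-01-01T02:30:00", "actor": "helpdesk", "action": "device_wipe"},
] + [
    # 30 wipes, one per minute, issued by the freshly created admin
    {"time": (START + timedelta(minutes=i)).isoformat(), "actor": "new-admin",
     "action": "device_wipe"}
    for i in range(30)
]

def find_admin_then_mass_wipe(events, threshold=20, window=timedelta(hours=1),
                              lookback=timedelta(hours=24)):
    """Alert once per account that was granted Global Administrator within
    `lookback` and then issues at least `threshold` wipes inside `window`."""
    granted = {}     # account -> (grant time, granting actor)
    wipes = {}       # account -> wipe times still inside the sliding window
    alerted = set()
    alerts = []
    for e in sorted(events, key=lambda ev: ev["time"]):
        t = datetime.fromisoformat(e["time"])
        if e["action"] == "role_assigned" and e.get("role") == "Global Administrator":
            granted[e["target"]] = (t, e["actor"])
        elif e["action"] == "device_wipe":
            actor = e["actor"]
            recent = [w for w in wipes.get(actor, []) if t - w <= window] + [t]
            wipes[actor] = recent
            grant = granted.get(actor)
            if (grant and t - grant[0] <= lookback
                    and len(recent) >= threshold and actor not in alerted):
                alerted.add(actor)
                alerts.append({"account": actor, "granted_by": grant[1],
                               "wipes_in_window": len(recent),
                               "alert_time": e["time"]})
    return alerts

if __name__ == "__main__":
    for alert in find_admin_then_mass_wipe(EVENTS):
        print(alert)
```

The `granted_by` field points the responder back at the account that created the new administrator, which in this scenario is the one that was compromised first.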
In a later update, Stryker said its medical devices are safe to use, but electronic ordering systems are offline, meaning customers can only place orders manually, through sales representatives.
“All Stryker products in our global portfolio, including connected, digital and life-saving technologies, remain safe to use,” the company said. “This event was limited to Stryker’s internal Microsoft environment and therefore did not affect any of our products, connected or offline.”
Although unconfirmed, reports indicate that Handala are “hacktivists linked to the Iranian Ministry of Intelligence and Security,” primarily targeting Israeli organizations around the world.
Via BeepComputer