- Handala hackers attacked Stryker via compromised Intune manager
- Tens of thousands of devices wiped, but no data theft confirmed
- Medical products remain safe; ordering systems are offline and orders can only be placed manually
When cybercriminals attacked Stryker last week and wiped tens of thousands of electronic devices, they did so without using any malware. Instead, they used Intune, Microsoft’s cloud-based endpoint management service, sources say.
Last week, a hacking collective calling itself Handala (also known as HAtef, Hamsa) said it had broken into Stryker, a Fortune 500 healthcare company with tens of billions in annual sales. They claimed to have stolen 50 terabytes of data and wiped “tens of thousands of systems and servers on the company’s network.”
“In this operation, more than 200,000 systems, servers and mobile devices were wiped, and 50 terabytes of critical data were extracted,” the attackers reportedly said at the time. “Stryker offices in 79 countries have been forced to close.”
Abusing Intune
Stryker soon confirmed the reports with an 8-K filing. Several employees also confirmed that their electronic devices were wiped overnight.
Then, a “source familiar with the attack” told BleepingComputer that Handala managed to compromise an Intune administrator account and used it to create a new global administrator account. Using that account, they initiated the wipe command, wiping data from nearly 80,000 devices in a matter of hours. Researchers have also disputed Handala’s claims about data exfiltration, saying they found no evidence that any data was exfiltrated.
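For defenders, the reported sequence (a new account granted Global Administrator, then a burst of wipe commands) is detectable in audit data. The sketch below is an added example, not code from Stryker, Microsoft or the article's sources; the event fields, account names and thresholds are constructed assumptions and do not mirror the real Entra ID or Intune log schema.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed, simplified audit events (hypothetical schema and names)."""
    t0 = datetime(2025, 1, 1, 2, 0, 0)
    events = [
        {"time": t0, "actor": "intune-admin", "action": "create_user", "target": "svc-new"},
        {"time": t0 + timedelta(minutes=2), "actor": "intune-admin", "action": "assign_role",
         "target": "svc-new", "role": "Global Administrator"},
        # A single legitimate wipe by the helpdesk must not raise an alert.
        {"time": t0 + timedelta(minutes=5), "actor": "helpdesk", "action": "device_wipe",
         "target": "laptop-lost"},
    ]
    # 40 wipes, one per second, issued by the freshly privileged account.
    events += [{"time": t0 + timedelta(minutes=10, seconds=i), "actor": "svc-new",
                "action": "device_wipe", "target": f"dev-{i}"} for i in range(40)]
    return events

def detect(events, new_account_age=timedelta(hours=24),
           wipe_threshold=25, window=timedelta(minutes=10)):
    """Return alerts as (rule, account, time) tuples, in event order."""
    alerts = []
    created = {}                  # account -> creation time
    recent = defaultdict(deque)   # actor -> wipe timestamps inside the sliding window
    bursting = set()              # actors already alerted on, to avoid alert storms
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["action"] == "create_user":
            created[e["target"]] = e["time"]
        elif e["action"] == "assign_role" and e.get("role") == "Global Administrator":
            born = created.get(e["target"])
            if born is not None and e["time"] - born <= new_account_age:
                alerts.append(("new_account_global_admin", e["target"], e["time"]))
        elif e["action"] == "device_wipe":
            q = recent[e["actor"]]
            q.append(e["time"])
            while e["time"] - q[0] > window:   # drop wipes older than the window
                q.popleft()
            if len(q) >= wipe_threshold and e["actor"] not in bursting:
                bursting.add(e["actor"])
                alerts.append(("mass_wipe", e["actor"], e["time"]))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

Both rules fire well before the burst completes, which is the point: at the reported pace of tens of thousands of devices in hours, alerting on the role assignment or the first few dozen wipes is the only useful window.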
In a later update, Stryker said its medical devices are safe to use, but that electronic ordering systems are offline, meaning customers can only place orders manually, through sales representatives.
“All Stryker products in our global portfolio, including connected, digital and life-saving technologies, remain safe to use,” the company said. “This event was contained in Stryker’s internal Microsoft environment and, as a result, did not impact any of our products, connected or not.”
Although unconfirmed, reports say that Handala are “hacktivists linked to Iran’s Ministry of Intelligence and Security”, primarily targeting Israeli organizations around the world.
Via BleepingComputer




