Microsoft abuse, Iranian retaliation: What we know of Stryker hack
A pro-Iranian hacker group called Handala hit medical tech giant Stryker with a major cyberattack on March 11.
Handala claimed it erased data from more than 200,000 systems, servers and mobile devices worldwide.
Investigators say the attackers may have abused Microsoft Intune administrative controls.
The group said the attack was retaliation for a recent US missile strike on an Iranian school that killed at least 175 people, mostly children.
The group also claims to have stolen 50 TB of data and left its logo on Stryker's login pages.
CISA investigating the breach
Stryker says the breach was contained to its internal Microsoft systems (no ransomware or malware detected so far), but order processing, manufacturing, and shipping are still down with no clear timeline for recovery.
Employees were told to disconnect their devices as a precaution.
The US Cybersecurity and Infrastructure Security Agency (CISA) started investigating the next day.
Security researchers said the attack would represent the first time Handala has targeted a major US company.