Medical giant Stryker crippled after Iranian hackers remotely wipe computers

Summary

Medical giant Stryker has been significantly impacted by a cyberattack in which thousands of devices were remotely wiped, potentially by a pro-Iranian hacking group that may have compromised the company's Microsoft Intune management system. The company reported disruptions to its information systems and business applications, stating that there was no indication of malware or ransomware and that the situation was contained to its internal Microsoft environment.

IFF Assessment

FOE

The attack on a critical infrastructure company and the wiping of numerous devices represent a significant threat and operational disruption for defenders.

Defender Context

This incident highlights the risks associated with cloud-based device management solutions like Microsoft Intune, as a compromise here can lead to widespread device disruption. Defenders should focus on robust authentication, least privilege access, and continuous monitoring of Intune configurations and activity for any signs of unauthorized changes.
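
One way to monitor for the kind of mass wipe described above, as an added example that is not from the original article: flag any account that issues wipe commands against several distinct devices within a short window. The record fields, account names, action labels and thresholds are constructed assumptions, not the schema of an actual Intune audit export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records. The field names (time, actor, action, device)
# are an assumed, simplified shape; map them from whatever your
# device-management audit log actually exports.
SAMPLE_EVENTS = [
    {"time": "2025-01-01T09:00:00", "actor": "helpdesk@example.test", "action": "wipe", "device": "lt-007"},
    {"time": "2025-01-01T02:00:00", "actor": "admin2@example.test", "action": "sync", "device": "lt-101"},
    {"time": "2025-01-01T02:01:00", "actor": "admin2@example.test", "action": "wipe", "device": "lt-101"},
    {"time": "2025-01-01T02:02:00", "actor": "admin2@example.test", "action": "wipe", "device": "lt-102"},
    {"time": "2025-01-01T02:03:00", "actor": "admin2@example.test", "action": "wipe", "device": "lt-103"},
    {"time": "2025-01-01T02:04:00", "actor": "admin2@example.test", "action": "wipe", "device": "lt-104"},
    {"time": "2025-01-01T14:00:00", "actor": "helpdesk@example.test", "action": "wipe", "device": "lt-019"},
]

DESTRUCTIVE_ACTIONS = {"wipe"}  # assumed label for a remote wipe in this sample


def find_wipe_bursts(events, threshold=3, window=timedelta(minutes=10)):
    """Return {actor: (first_alert_time, devices)} for every actor who wipes
    at least `threshold` distinct devices within a sliding `window`."""
    parsed = sorted(
        ((datetime.fromisoformat(e["time"]), e) for e in events),
        key=lambda pair: pair[0],
    )
    recent = defaultdict(deque)  # actor -> deque of (timestamp, device)
    alerts = {}
    for ts, ev in parsed:
        if ev["action"] not in DESTRUCTIVE_ACTIONS:
            continue
        queue = recent[ev["actor"]]
        queue.append((ts, ev["device"]))
        # Drop wipes that have aged out of the window.
        while ts - queue[0][0] > window:
            queue.popleft()
        devices = sorted({device for _, device in queue})
        # Record only the first time an actor crosses the threshold.
        if len(devices) >= threshold and ev["actor"] not in alerts:
            alerts[ev["actor"]] = (ts, devices)
    return alerts


if __name__ == "__main__":
    for actor, (when, devices) in find_wipe_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {when.isoformat()} {actor} wiped {len(devices)} devices: {devices}")
```

The two helpdesk wipes, hours apart, stay below the threshold; only the burst from the second account raises an alert.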
