CISA calls on businesses to safeguard Microsoft Intune systems following a mass wipe of Stryker devices by hackers.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged organizations to bolster the security of their employee device management systems following a breach by pro-Iran hackers at medical technology leader Stryker, which resulted in the mass wiping of thousands of its phones, tablets, and computers.

On Thursday, the agency recommended that businesses take proactive measures and confirmed it was aware that hackers had used their access to Stryker’s Windows-based infrastructure to manipulate its device management systems, leading to persistent disruptions in the company’s global operations.

Among its recommendations, CISA advised network administrators to ensure that specific user accounts with access to systems like Microsoft Intune—which Stryker utilizes to remotely control its employees’ devices—can execute sensitive or high-impact actions (such as erasing devices) only with the approval of a second administrator.

Stryker, which manufactures medical devices and equipment for hospitals, acknowledged on March 11 that it had suffered a cyberattack, noting it was facing “global disruption” to its network. 

The company reported that the hackers did not deploy malware or ransomware, but sources indicate that they exploited their access to Stryker’s internal systems to get into its Intune dashboards and remotely erase data on tens of thousands of employee devices, including personal phones and computers linked to Stryker’s network.

Stryker has indicated that it contained the cyber incident and is working on restoring its systems. While the company’s medical devices continue to function, Stryker stated that its supply chain, ordering, and shipping systems remain offline. 

Stryker has not announced a timeline for its recovery efforts. The company did not respond to TechCrunch’s request for comment.

A group of pro-Iran hacktivists called Handala claimed responsibility for the breach of Stryker last week, stating they targeted the company in response to the U.S. strike that killed numerous children at a school in Iran. The hackers asserted that they had exfiltrated large volumes of data from the company’s network, although they did not provide immediate proof of this allegation.

According to TechCrunch, the FBI seized the Handala group’s website on Wednesday.
