Stryker breach spotlights risk of weaponized device-management tools

TL;DR Summary
A March 2026 cyberattack on Stryker allegedly used Microsoft Intune to remotely wipe thousands of devices, with Iran-linked Handala claiming credit and up to 50 terabytes of data stolen. Researchers say the attack relied on living-off-the-land techniques rather than a flaw in Intune, highlighting how MDM/UEM platforms can be abused. MFA and multi-account approvals for destructive actions are advised. Stryker is working with forensic experts, and CISA is investigating the incident.
- Stryker attack raises concerns about role of device management tool (Cybersecurity Dive)
- Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started (NBC News)
- How ‘Handala’ Became the Face of Iran’s Hacker Counterattacks (WIRED)
- After Stryker cyberattack, Houston cos. could face cybersecurity threats during Iran war (The Business Journals)
- Iran-linked cyberattack targets company with a Homewood office causing global disruptions (AL.com)