Stryker’s Intune wipe hits 80,000 devices; no malware used
Last week’s Stryker cyberattack, linked to the Handala hacktivist group, targeted its internal Microsoft environment and used the Intune wipe command to remotely erase data on about 80,000 devices after an admin account was compromised; attackers claimed wiping 200,000 devices and stealing 50 TB, but investigators found no data exfiltration and no malware was deployed. Medical devices remain safe, while electronic ordering systems are offline and orders must be placed via sales reps as restoration proceeds. Microsoft’s DART and Unit 42 are leading the investigation, with full operations and shipping expected to resume as systems recover.