All articles tagged with #intune
CISA urged U.S. organizations to harden Microsoft Intune following Stryker's breach, recommending least-privilege admin access, MFA, RBAC, and multi-admin approvals to prevent the wipe of nearly 80,000 devices.
Last week’s Stryker cyberattack, linked to the Handala hacktivist group, targeted its internal Microsoft environment and used the Intune wipe command to remotely erase data on about 80,000 devices after an admin account was compromised; attackers claimed wiping 200,000 devices and stealing 50 TB, but investigators found no data exfiltration and no malware was deployed. Medical devices remain safe, while electronic ordering systems are offline and orders must be placed via sales reps as restoration proceeds. Microsoft’s DART and Unit 42 are leading the investigation, with full operations and shipping expected to resume as systems recover.