CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices

CISA has issued a warning for companies to secure their Microsoft Intune systems after pro-Iran hackers identified as Handala hacked Stryker and mass-wiped thousands of its devices. The cyberattack on Stryker, attributed to retaliation for a U.S. airstrike, has caused global disruptions. The agency advises stronger account controls to prevent misuse in the future.
Key Points
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a warning.
- Pro-Iran hackers, identified as Handala, infiltrated Stryker's network and mass-wiped devices.
- Stryker confirmed the hack on March 11, reporting global network disruptions.
- CISA recommends that administrative access to systems like Microsoft Intune require dual approval for sensitive changes.
- Handala claims the attack was retaliation for U.S. actions in Iran.
- Stryker's supply chain systems remain offline, although medical devices are operational.
Relevance
- The attack highlights increasing cybersecurity threats against critical infrastructure in healthcare.
- Historical context involves rising tensions and cyber warfare tactics among state actors and hacktivists.
- As of 2025, there are trends toward enhancing endpoint security and implementing stronger identity and access management protocols in IT.
The Stryker incident underscores urgent cybersecurity challenges, emphasizing the need for robust protocols in managing device access and responding to state-sponsored cyber-attacks in an increasingly hostile digital landscape.
