The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure the systems they use to manage employee devices. The warning follows a cyberattack in which pro-Iran hackers breached medical technology giant Stryker and mass-wiped thousands of employee phones, tablets, and computers.
CISA stated it is urging companies to take immediate action. The agency confirmed it is aware that hackers used their access to Stryker’s Windows-based network to misuse its device management systems. This caused ongoing outages to the company’s global operations.
Among its recommendations, CISA advised network administrators to ensure that user accounts with access to systems like Microsoft Intune require a second administrator’s approval for sensitive changes, such as remotely wiping devices. Stryker uses Microsoft Intune to manage its employee devices.
Stryker, which develops medical devices and equipment for hospitals, confirmed it was hacked on March 11. The company said it was experiencing a global network disruption. While the hackers did not deploy malware or ransomware, reports indicate they abused access to Stryker’s internal systems. They accessed Intune dashboards to remotely delete data from tens of thousands of employee devices, including personal phones and computers connected to the network.
Stryker has since contained the cyberattack and is working to restore its systems. The company’s medical devices remain operational, but its supply, ordering, and shipping systems are still offline. Stryker has not provided a timeline for full recovery.
A pro-Iran hacktivist group known as Handala claimed responsibility for the cyberattack on Stryker. The group stated it hacked the company in retaliation for a U.S. air strike on a school in Iran that killed dozens of children. The hackers claimed to have stolen large amounts of data from Stryker’s network but did not immediately provide evidence. Following the attack, the FBI seized the Handala group’s website.

