GoKawiilLast week's cyberattack on medical technology giant Stryker was limited to its internal Microsoft environment and remotely wiped tens of thousands of employee devices.
The organization says in an update on Sunday that all its medical devices are safe to use but electronic ordering systems remain offline, and customers must place orders manually through sales representatives.
Stryker emphasizes that the incident was not a ransomware attack and that the threat actor did not deploy any malware on its systems.
Last week, Stryker was the target of a cyberattack claimed by the Handala hacktivist group, believed to be linked to Iran.
The attacker alleged that they wiped “over 200,000 systems, servers, and mobile devices” and stole 50 terabytes of data. However, investigators did not find any indication that data was exfiltrated.
Following the disruption, Stryker employees in multiple countries started to complain that their managed devices had been remotely wiped overnight.
Some employees had their personal devices enrolled in the company network and lost personal data during the wiping process.
Hackers had Global Admin privileges
A source familiar with the attack told BleepingComputer that the threat actor used the wipe command in Intune, Microsoft’s cloud-based endpoint management service, to erase data from nearly 80,000 devices between 5:00 and 8:00 a.m. UTC on March 11.
The attacker carried out the action after compromising an administrator account and creating a new Global Administrator account.
... continue reading