
CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices

Why This Matters

This incident highlights the critical importance of securing device management systems like Microsoft Intune, especially for organizations in sensitive sectors such as healthcare. It underscores the need for robust access controls and for requiring a second administrator's approval before high-impact actions, to prevent malicious exploitation and mass device wipes. For the tech industry and consumers, it serves as a reminder that cybersecurity measures must evolve to protect against sophisticated nation-state and hacktivist threats.

Key Takeaways

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems for managing their fleets of employee devices after pro-Iran hackers broke into medical tech giant Stryker and mass-wiped thousands of its phones, tablets, and computers.

The agency said on Thursday that it was urging companies to take action and confirmed it was aware that hackers used their access to Stryker’s Windows-based network to misuse its device endpoint systems, causing ongoing outages to the company’s global operations.

Among the advice, CISA said network administrators should ensure that certain user accounts that have access to systems like Microsoft Intune, which Stryker uses to remotely manage its employees’ devices, can only make sensitive or high-impact changes (such as wiping devices) with a second administrator’s approval.

Stryker, which develops medical devices and equipment for hospitals, confirmed on March 11 that it had been hacked, saying it was experiencing “global disruption” to its network.

The company said the hackers did not deploy malware or ransomware, but reports say that the hackers abused their access to Stryker’s internal systems to reach its Intune dashboards and remotely delete the data stored on tens of thousands of employee devices, including personal phones and computers connected to Stryker’s network.

Stryker has since said it contained the cyberattack and is restoring its systems. While the company’s medical devices remain operational, Stryker said its supply, ordering, and shipping systems remain offline.

Stryker has not given a timeline for its recovery. The company did not respond to TechCrunch’s request for comment.

A group of pro-Iran hacktivists, known as Handala, took credit for the cyberattack on Stryker last week, saying it hacked the company in retaliation for the U.S. killing of dozens of children in an air strike on a school in Iran. The hackers claimed to have stolen reams of data from the company’s network, but did not immediately provide evidence for that claim.

The FBI seized the Handala group’s website on Wednesday, TechCrunch reported.