CISA is urging companies to secure Microsoft Intune systems after hackers mass-wiped Stryker devices

The US Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure systems to manage their fleets of employee devices after pro-Iranian hackers breached medical technology giant Stryker and mass-wiped thousands of its phones, tablets and computers.

The agency said Thursday it was urging companies to take action, and confirmed it was aware that hackers used their access to the Windows-based Stryker network to abuse the device’s endpoint systems, causing ongoing disruption to the company’s global operations.

Among the tips, CISA said network administrators should ensure that certain user accounts with access to systems like Microsoft Intune, which Stryker uses to manage its employees’ devices remotely, can only make sensitive or high-impact changes (such as wiping devices) with the second administrator’s approval.

Stryker, which develops medical devices and equipment for hospitals, confirmed on March 11 that it had been hacked, saying it was experiencing a “global disruption” in its network.

The company said the hackers did not deploy malware or ransomware, but reports say the hackers abused their access to Stryker’s internal systems to access its Intune dashboards to remotely delete data stored on tens of thousands of employee devices, including personal phones and computers connected to the Stryker network.

Stryker has since said it contained the cyberattack and is restoring its systems. While the company’s medical devices remain operational, Stryker said its supply, ordering and shipping systems remain offline.

Stryker did not provide a timeline for recovery. The company did not respond to TechCrunch’s request for comment.

A group of pro-Iranian hacktivists, known as Handala, claimed responsibility for the cyberattack on Stryker last week, saying it hacked the company in retaliation for the US killing of dozens of children in an airstrike on a school in Iran. The hackers claimed to have stolen large amounts of data from the company’s network, but did not immediately provide proof of this claim.

TechCrunch reported that the FBI seized the Hanzala Group’s website on Wednesday.