![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
thewayneStryker is a global firm with facilities in 79 countries and over $25 billion in revenue. And a group that calls themselves Handala claims to have infiltrated them and launched a wiper attack after exfiltrating data. They used Microsoft's Intune service to execute remote wipe commands against any device that is running Outlook.
50 gigabytes of data. POOF. Now we shall see how good of a data/disaster recovery plan and whether they've practiced it.
Among Stryker's lines of business were providing supplies to hospitals, and also transmitting EKG data from field paramedics to hospitals. Supply ordering is unavailable with their systems down, and hospitals are disconnecting the non-working EKG link for fear of the wiper getting into their system.
Handala's published claim of responsibility calls Stryker a 'Zionist-rooted corporation', apparently they bought an Israel-based medtech company a few years ago.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
50 gigabytes of data. POOF. Now we shall see how good of a data/disaster recovery plan and whether they've practiced it.
Among Stryker's lines of business were providing supplies to hospitals, and also transmitting EKG data from field paramedics to hospitals. Supply ordering is unavailable with their systems down, and hospitals are disconnecting the non-working EKG link for fear of the wiper getting into their system.
Handala's published claim of responsibility calls Stryker a 'Zionist-rooted corporation', apparently they bought an Israel-based medtech company a few years ago.
https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/
no subject
Date: 2026-03-12 10:31 pm (UTC)no subject
Date: 2026-03-12 10:47 pm (UTC)Very much so.
no subject
Date: 2026-03-12 11:13 pm (UTC)So glad that work does not run Outlook.
no subject
Date: 2026-03-12 11:47 pm (UTC)Two notes: 1. I was trying to create a log in to a US based medical supply company, and couldn't. I wonder if they were affected by this. 2. The province is insisting on Outlook for official medical communications supposedly b/c it's secure. Hahahahaha.
no subject
Date: 2026-03-13 12:30 am (UTC)They are an international company, so it's entirely possible the company you were trying to sign in to was a Stryker company under a different flag.
no subject
Date: 2026-03-13 05:52 am (UTC)Not sure what else of theirs we use.
Hugs, Jon
no subject
Date: 2026-03-13 06:34 am (UTC)High chance your supply closet gets a lot of gear from them, but that's a problem for your supply dept.
no subject
Date: 2026-03-13 10:04 am (UTC)LOL..................
no subject
Date: 2026-03-14 06:07 am (UTC)It's got to be nice to know that the administration consoles that supposedly are there for fleet management can also be used for mass destructive acts as well. All it takes is one way in from the person with the privileges, and all goes according to plan.
One wonders, though, why a medical devices company gets hit with this, rather than something more directly connected to the missile that destroyed the school. Of what was available in the Krebs article, the connection seems rather tenuous. If this was a tantrum looking for a target, that's one thing, but they should say as much, rather than spinning up theories.
no subject
Date: 2026-03-14 06:27 am (UTC)I must have misread the article, or perhaps there was a typo. I thought 50 gig was rather small. Yeah, it is odd that if you're going to do an IT strike in retaliation for the bombing of the school, Raytheon or equivalent would make a lot more sense. I would guess that perhaps they were already inside Stryker, so it was an easy target to wipe.