CISA urges firms to lock down Microsoft Intune after Stryker mass-wipe
Mar 19th 2026
After attackers abused Stryker’s network to mass-wipe devices via Microsoft Intune, CISA warned companies to secure device-management systems and limit privileged actions to prevent similar outages.
- Pro-Iran hacker group Handala claimed responsibility for the March 11 attack on Stryker.
- Attackers used access to Stryker’s Windows network to misuse Microsoft Intune and remotely wipe tens of thousands of employee devices.
- Stryker said no malware or ransomware was deployed and its medical devices remain operational, but supply, ordering, and shipping systems are offline.
- CISA advised companies to harden endpoint management systems like Intune and require a second administrator for high-impact actions such as device wipes.
- Handala claimed to have stolen data but has not provided evidence, and the FBI seized the group’s website.
- Stryker says it contained the incident and is restoring systems but has not given a recovery timeline.
Articles
- Robotics surgical biz Intuitive discloses phishing attack go.theregister.com
- CISA urges companies to secure Microsoft Intune systems after hackers mass-wipe Stryker devices techcrunch.com
- Lock down Microsoft Intune, feds warn after Stryker attack go.theregister.com