Iranian Hackers Likely Used Malware-Stolen Credentials in Stryker Breach
Briefly

"An analysis of infostealer malware logs, which contain information stolen by such malware, revealed that credentials for Stryker administrator accounts were harvested, alongside dozens of other Microsoft service credentials and mobile device management (MDM) credentials associated with the medtech company."
"According to some reports, the attackers wiped systems by abusing Stryker's Microsoft Intune instance, which is used to remotely manage desktop and mobile endpoints and applications within the organization. Bleeping Computer reported earlier this week that the attackers compromised an Intune administrator account and created a new global admin account, which they used to wipe managed devices."
"Handala, which is believed to be an anti-Israel hacktivist persona under the control of Iran's Ministry of Intelligence and Security (MOIS), claimed to have wiped more than 200,000 devices, forcing Stryker to shut down offices in dozens of countries. The hackers also claimed to have stolen a significant amount of data."
In March, the Iran-linked hacker group Handala attacked Stryker, a major medical technology manufacturer, claiming to have wiped over 200,000 devices and stolen significant data. Rather than using wiper malware as initially suspected, the attackers compromised an Intune administrator account and used it to create a global admin account, which they then used to wipe managed devices. New evidence from threat intelligence firm Hudson Rock indicates that the compromised credentials were obtained from infostealer malware logs: analysis shows that credentials for Stryker administrator accounts were harvested alongside other Microsoft service and mobile device management credentials. Security experts indicate the attackers lacked sophistication and relied on readily available infostealer logs to conduct the breach.
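The attack chain summarized above (a compromised Intune admin grants Global Administrator to a new account, which then issues wipes across the fleet) is the kind of sequence a defender can correlate in audit logs. The following is an added example written for this brief; it is not code from SecurityWeek, Hudson Rock, Stryker or Microsoft. The event schema (`activity`, `actor`, `target`, `role` fields in JSON lines) is a simplified assumption for illustration, not the real Entra ID or Intune audit schema, and the log lines are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# --- Constructed sample audit log (assumed, simplified schema; not real data) ---
_base = datetime(2025, 3, 10, 1, 5, tzinfo=timezone.utc)

def _wipe_line(ts, actor, device):
    return json.dumps({"time": ts.strftime("%Y-%m-%dT%H:%M:%SZ"), "activity": "Wipe device",
                       "actor": actor, "target": device, "role": None})

_lines = [
    # Benign-looking privileged change: a non-global role grant.
    json.dumps({"time": "2025-03-10T00:50:00Z", "activity": "Add member to role",
                "actor": "hr-admin@example.test", "target": "new-hire@example.test",
                "role": "User Administrator"}),
    # The pattern from the breach: an Intune admin account grants Global Administrator
    # to a newly created account (names are constructed placeholders).
    json.dumps({"time": "2025-03-10T01:00:00Z", "activity": "Add member to role",
                "actor": "intune-admin@example.test", "target": "svc-backup@example.test",
                "role": "Global Administrator"}),
    # A single legitimate wipe by helpdesk (lost laptop) should not alert.
    _wipe_line(_base - timedelta(minutes=30), "helpdesk@example.test", "LAPTOP-LOST"),
]
# 25 wipes by the new global admin, four seconds apart: a mass-wipe burst.
_lines += [_wipe_line(_base + timedelta(seconds=4 * i), "svc-backup@example.test",
                      f"LAPTOP-{i:04d}") for i in range(25)]
SAMPLE_LOG = "\n".join(_lines)


def parse_log(text):
    """Parse JSON-lines audit events and return them sorted by timestamp."""
    events = []
    for line in text.strip().splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        ev["time"] = datetime.fromisoformat(ev["time"].replace("Z", "+00:00"))
        events.append(ev)
    return sorted(events, key=lambda e: e["time"])


def new_global_admins(events):
    """Every Global Administrator grant: (granting actor, new admin, time)."""
    return [(e["actor"], e["target"], e["time"]) for e in events
            if e["activity"] == "Add member to role" and e["role"] == "Global Administrator"]


def wipe_bursts(events, threshold=10, window=timedelta(minutes=15)):
    """Actors that issued >= threshold device wipes inside any sliding window.

    Returns {actor: max wipes seen within one window}.
    """
    by_actor = defaultdict(list)
    for e in events:
        if e["activity"] == "Wipe device":
            by_actor[e["actor"]].append(e["time"])
    alerts = {}
    for actor, times in by_actor.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                alerts[actor] = max(alerts.get(actor, 0), count)
    return alerts


def correlate(events, threshold=10, window=timedelta(minutes=15)):
    """Join the two signals: a freshly granted Global Administrator who then mass-wipes."""
    bursts = wipe_bursts(events, threshold, window)
    findings = []
    for granter, new_admin, granted_at in new_global_admins(events):
        if new_admin in bursts:
            findings.append({"granted_by": granter, "new_admin": new_admin,
                             "granted_at": granted_at.isoformat(), "wipes": bursts[new_admin]})
    return findings


if __name__ == "__main__":
    for f in correlate(parse_log(SAMPLE_LOG)):
        print("ALERT: new global admin mass-wipe:", f)
```

Either signal alone is worth an alert in most environments (a Global Administrator grant is rare; a burst of wipes is rarer), and the correlation is what distinguishes the Stryker-style sequence from routine administration. In production the same logic would read the real Entra ID and Intune audit feeds from a SIEM, and the threshold and window would be tuned to the organization's normal device-retirement volume.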
Read at SecurityWeek