The recent breach of Stryker, a leading US medical technology firm, was linked to compromised credentials obtained through infostealer malware.

Key Points:

• Stryker breach claimed by Handala, an Iran-linked hacker group.

• Attack involved compromised administrator credentials and Microsoft Intune exploitation.

• Analysis shows infostealer malware was used to harvest credentials for Stryker's systems.

• Stryker's operations faced disruptions but stated all products remain safe.

• US cybersecurity agencies involved in investigating the incident.

On March 11, the US medical technology company Stryker suffered a cyberattack attributed to Handala, a hacker group believed to be backed by Iran's Ministry of Intelligence and Security. Stryker, known for its surgical and orthopedic products, reported significant operational disruptions after the attack. Handala claimed to have wiped hundreds of thousands of devices, although Stryker found no direct evidence of malware deployment on its systems.

Subsequent investigations revealed that the hackers exploited Stryker’s Microsoft Intune system, using compromised administrative credentials to remove data. Threat intelligence experts, particularly Alon Gal of Hudson Rock, indicated that these credentials were likely obtained through infostealer malware, which targets and collects sensitive information from victims’ systems. This breach underscores the critical need for companies to actively manage their security protocols, especially regarding credential updates and incident responses, to prevent large-scale infiltrations that could compromise sensitive information and disrupt business functions.

How can companies better safeguard their credentials to prevent breaches similar to the Stryker incident?

Learn More: Security Week

Want to stay updated on the latest cyber threats?

👉 Subscribe to /r/PwnHub