mdm

You Can't Seize the Internet: Iran's Handala Hackers Were Back Online Hours After the FBI Acted

John Z Black Mar 22, 2026

Threat Intelligence #iran #handala #doj #mois #stryker #mdm #microsoft-intune #cyber-deterrence #state-sponsored

The DOJ seized four Handala domains. Iran's MOIS-backed hackers had new infrastructure up within hours, called the action 'trivial,' and kept operating. That tells you everything about the limits of domain seizures as deterrence.

Iran Didn't Need Malware to Cripple Stryker. They Just Used Microsoft Intune.

John Z Black Mar 17, 2026

Threat Intelligence #iran #stryker #handala #intune #mdm #wiper #healthcare #nation-state #critical-infrastructure

The Handala group wiped tens of thousands of Stryker devices using the company's own MDM platform. No malware. No exploit. Just admin access and the willingness to press the button.

Hackers Used Stryker's Own IT Tool to Nuke Its Entire Device Fleet

John Z Black Mar 14, 2026

Threat Intelligence #handala #stryker #mdm #microsoft-intune #iran #wiper #healthcare #nation-state

An Iranian-linked group called Handala reportedly hijacked Microsoft Intune and wiped Stryker's devices at scale. The tool designed to secure their fleet became the weapon that destroyed it.