stryker

Stryker Recovered from an Iranian Wiper Attack. It Took Three Weeks and 80,000 Devices.

John Z Black Apr 3, 2026

Threat Intelligence #iran #handala #wiper #healthcare #stryker #nation-state #critical-infrastructure #fbi

Iran's Handala group wiped 80,000 devices across Stryker's global network. Maryland EMS lost digital ECG transmission. The DOJ confirmed Iran's government runs Handala.

Iran Is Running Every Cyberattack at Once

John Z Black Mar 28, 2026

Threat Intelligence #iran #unit42 #apt #wiper #handala #stryker #nation-state #bearlyfy #geopolitics #cyber-warfare

Iran isn't running a cyber campaign right now. It's running all of them simultaneously, and Unit 42's latest brief documents exactly that.

From Wiping 80,000 Devices to Hacking the FBI Director: Handala's March

John Z Black Mar 27, 2026

Threat Intelligence #iran #handala #kash-patel #fbi #nation-state #hack-and-leak #stryker #geopolitics

Iran-linked Handala publicly warned they were coming for the FBI. Kash Patel said nothing. The next morning, his cigar photos were on the internet.

Stryker Finds a Malicious File in Its Systems. Production Is Coming Back Online.

John Z Black Mar 25, 2026

Incidents & Breaches #stryker #handala #iran #healthcare #incident-response #unit42

Stryker's forensic investigation with Palo Alto Networks Unit 42 found a malicious file used to run commands and conceal activity, a separate finding from the initial Handala attack. Production recovery is underway.

You Can't Seize the Internet: Iran's Handala Hackers Were Back Online Hours After the FBI Acted

John Z Black Mar 22, 2026

Threat Intelligence #iran #handala #doj #mois #stryker #mdm #microsoft-intune #cyber-deterrence #state-sponsored

The DOJ seized four Handala domains. Iran's MOIS-backed hackers had new infrastructure up within hours, called the action 'trivial,' and kept operating. That tells you everything about the limits of domain seizures as deterrence.

Iran Didn't Need Malware to Cripple Stryker. They Just Used Microsoft Intune.

John Z Black Mar 17, 2026

Threat Intelligence #iran #stryker #handala #intune #mdm #wiper #healthcare #nation-state #critical-infrastructure

The Handala group wiped tens of thousands of Stryker devices using the company's own MDM platform. No malware. No exploit. Just admin access and the willingness to press the button.

Hackers Used Stryker's Own IT Tool to Nuke Its Entire Device Fleet

John Z Black Mar 14, 2026

Threat Intelligence #handala #stryker #mdm #microsoft-intune #iran #wiper #healthcare #nation-state

An Iranian-linked group called Handala reportedly hijacked Microsoft Intune and wiped Stryker's devices at scale. The tool designed to secure their fleet became the weapon that destroyed it.

Iran Hit a Medical Device Giant, a NATO Parliament, and Your Instagram Feed on the Same Day

John Z Black Mar 12, 2026

Threat Intelligence #iran #handala #stryker #wiper-attack #critical-infrastructure #influence-operations #nato #threat-intelligence

March 11 wasn't three separate cyberattacks. It was one coordinated Iranian campaign across three fronts: a wiper on Stryker, a breach of Albania's parliament, and an influence op on Instagram. All in 24 hours.