The US Cybersecurity and Infrastructure Security Agency (CISA) has warned companies to secure the systems they use to manage their fleets of employee devices after pro-Iranian hackers broke into medical technology giant Stryker and wiped thousands of its phones, tablets and computers.
The agency said Thursday that it urged the companies to take action and confirmed that it was aware that hackers were using their access to Stryker’s Windows-based network to abuse its device endpoint systems, causing ongoing disruptions to the company’s global operations.
Among the recommendations, CISA said network administrators should ensure that certain user accounts that access systems like Microsoft Intune, which Stryker uses to manage its employees’ devices remotely, can only make sensitive or high-impact changes (such as wiping devices) with the approval of a second administrator.
Stryker, which develops medical devices and equipment for hospitals, confirmed on March 11 that it had been breached, saying it was experiencing a “global outage” in its network.
The company said the hackers did not develop malware or ransomware, but reports say the hackers abused their access to Stryker’s internal systems to access Intune dashboards to remotely wipe data stored on tens of thousands of employee devices, including personal phones and computers connected to Stryker’s network.
Stryker has since said it has contained the cyberattack and is restoring its systems. While the company’s medical devices remain operational, Stryker said its supply, ordering and shipping systems remain offline.
Stryker has not given a timeline for its recovery. The company did not respond to TechCrunch’s request for comment.
A pro-Iranian hacktivist group known as Handala claimed credit for the Stryker cyber attack last week, saying it hacked the company in retaliation for the killing of dozens of US children in an air strike on a school in Iran. The hackers claimed to have stolen reams of data from the company’s network, but did not immediately provide evidence for that claim.
The FBI seized the Handala group’s website on Wednesday, TechCrunch reported.
