An Iran-linked hacker group has claimed responsibility for a cyberattack on a medical technology company in what appears to be the first significant instance of Iran hacking an American company since the start of the war between the countries.
The company, Stryker, which is headquartered in Michigan, produces a wide range of medical equipment and technology.
Historically, Iran has carried out some of the most notorious “wiper” cyberattacks on national enemies, aiming to simply erase all data on computer networks. Victims include Saudi Aramco, Saudi Arabia’s national oil company, in 2012, and the Sands Casino in 2014.
Since the war began, some established hacker groups sympathetic to Iranian leadership have claimed minor attacks, but most have been relegated to briefly altering the appearance of a website, and none have appeared to have had major impact. Some tech and cybersecurity companies, including Google and the email cybersecurity company Proofpoint, have told NBC News that they have largely seen Iran’s hackers conducting espionage related to the war.
But that appears to have changed Wednesday, with what appears to have been a different kind of attack that also deleted information from devices. A Stryker employee, who asked not to be identified because they are not authorized to speak for the company, said that employees’ work-issued phones stopped working, grinding work and communications with colleagues to a standstill.
Handala Group has claimed responsibility for the Stryker hack in statements on its Telegram and X accounts. The group routinely brags about its exploits on the social media platforms, which have in recent days taken down earlier versions of its accounts.
Specifics of how the hack was carried out are not clear. But public evidence of the hack points to the likelihood that hackers gained access to the company’s Microsoft Intune account, which the employee confirmed Stryker uses. From there, Handala appears to have wiped some employees’ devices back to factory settings, an expert said.
“They appear to have obtained access to the Microsoft Intune management console. This is a solution for managing corporate devices,” said Rafe Pilling, the director of threat intelligence at the cybersecurity company Sophos, which has tied Handala to Iran’s Intelligence Ministry.
“One of the features is the ability to remotely wipe a device if it’s lost/stolen etc. Looks like they triggered that for some or all of the enrolled devices,” he said in a written exchange.
Microsoft’s website describes the remote wipe feature as “commonly used when a device needs to be retired, repurposed, reset for troubleshooting, or securely erased if lost or stolen.”
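As an added defensive illustration that is not part of the article and not code from Sophos or Microsoft, the following Python flags any single account that triggers a burst of remote-wipe actions, the pattern described above. The event records, their field names and the account and device names are constructed and assumed for the example; they are not Microsoft’s real Intune audit log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit events in a simplified, assumed shape:
# time, acting account, activity, target device. A real deployment would map
# the exported Intune audit entries onto these four fields (assumption).
SAMPLE_EVENTS = [
    {"time": "2026-03-04T09:00:12Z", "actor": "admin1@example.com", "activity": "wipe", "device": "DEV-0001"},
    {"time": "2026-03-04T09:30:00Z", "actor": "svc-intune@example.com", "activity": "wipe", "device": "DEV-0101"},
    {"time": "2026-03-04T09:31:15Z", "actor": "svc-intune@example.com", "activity": "wipe", "device": "DEV-0102"},
    {"time": "2026-03-04T09:32:40Z", "actor": "svc-intune@example.com", "activity": "retire", "device": "DEV-0103"},
    {"time": "2026-03-04T09:33:05Z", "actor": "svc-intune@example.com", "activity": "wipe", "device": "DEV-0104"},
    {"time": "2026-03-04T09:36:50Z", "actor": "svc-intune@example.com", "activity": "wipe", "device": "DEV-0105"},
    {"time": "2026-03-04T09:45:00Z", "actor": "admin1@example.com", "activity": "wipe", "device": "DEV-0002"},
    {"time": "2026-03-04T09:49:00Z", "actor": "admin1@example.com", "activity": "wipe", "device": "DEV-0003"},
]


def parse_time(stamp):
    """Parse the constructed ISO-8601 UTC timestamp used in the sample records."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ")


def detect_mass_wipe(events, threshold=3, window=timedelta(minutes=10)):
    """Return {actor: [devices]} for every account that issued at least
    `threshold` wipe actions inside any sliding window of length `window`.
    Only 'wipe' activities count; a retire or other action is ignored."""
    per_actor = defaultdict(list)
    for event in events:
        if event["activity"] != "wipe":
            continue
        per_actor[event["actor"]].append((parse_time(event["time"]), event["device"]))

    alerts = {}
    for actor, wipes in per_actor.items():
        wipes.sort()  # chronological order so the window scan below is valid
        for start in range(len(wipes)):
            end = start
            while end < len(wipes) and wipes[end][0] - wipes[start][0] <= window:
                end += 1
            if end - start >= threshold:
                alerts[actor] = [device for _, device in wipes[start:end]]
                break  # one alert per actor is enough
    return alerts


if __name__ == "__main__":
    for actor, devices in detect_mass_wipe(SAMPLE_EVENTS).items():
        print(f"ALERT: {actor} wiped {len(devices)} devices in a short burst: {devices}")
```

With the sample data, the three wipes by admin1 spread over 49 minutes stay below the threshold, while the four wipes by the service account within seven minutes are flagged.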
In a statement on its website Wednesday, Stryker said that the disruption was the result of a cyberattack but that its own systems were not directly hacked and that ransomware — a common type of cybercrime that can also significantly disrupt companies’ networks — was not a factor.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained,” the statement said.
The company did not respond to a request for further details. Microsoft did not respond to a request for comment.