\n<\/p>\n
Medical tech giant Stryker said it\u2019s in the process of restoring its computers and internal network following a cyberattack that reportedly allowed pro-Iranian hackers<\/a> to remotely wipe tens of thousands of employee devices.<\/p>\n The hack, which brought ongoing widespread disruption to the company\u2019s operations, is thought to be the first major cyberattack in the United States in response to the Trump administration\u2019s war in Iran.<\/p>\n Stryker said in an update over the weekend<\/a> that the March 11 cyberattack was contained to the company\u2019s internal Microsoft environment, and that its internet-connected medical products are \u201csafe to use.\u201d<\/p>\n While the cause of the breach is still under investigation, the medical device tech maker said it has seen no indication of ransomware or malware. Stryker said its ability to process orders, manufacture, or ship devices continues to be disrupted.<\/p>\n A pro-Iran hacking group called Handala took credit for the destructive breach<\/a>, claiming its hack was in response to a U.S. air strike on an Iranian school<\/a> that killed at least 175 people, mostly children. The hackers also defaced the company\u2019s login pages with its own logo.<\/p>\n According to Bleeping Computer<\/a>, the Handala hackers may have broken in using an internal Stryker administrator account that granted them near-unlimited access<\/a> to the company\u2019s Windows network. The hackers allegedly accessed the company\u2019s Microsoft Intune dashboards, which allows the remote management of employee laptops and mobile devices, such as deleting data in case an employee\u2019s device is lost or stolen.<\/p>\n A successful compromise of the company\u2019s Intune dashboards would have allowed the hackers to remotely wipe employee phones and laptops, including personal devices, without using malware.<\/p>\n The Wall Street Journal<\/a> also reported that the hackers targeted Intune.<\/p>\n A spokesperson for Stryker did not respond to a request for comment or questions about the breach, including whether the allegedly compromised account was protected with multi-factor authentication.<\/p>\n It\u2019s unclear how the hackers obtained their access to Stryker\u2019s network to begin with. Security researchers with Palo Alto Networks<\/a> said the Handala hackers may have relied on phishing to compromise Stryker\u2019s network. IBM<\/a> said the Iran-aligned hacking group is known for using phishing techniques and destructive attacks, including targeting the healthcare and energy sectors. Infostealer malware<\/a>, which can steal a person\u2019s passwords and credentials, may also be to blame.<\/p>\n Stryker has 56,000 staff around the world and operates in more than 60 countries, according to Reuters<\/a>.<\/p>\n<\/div>\n