Iran-backed hackers claim wiper attack on medtech firm Stryker
60 points | 1 hour ago | 6 comments | krebsonsecurity.com | HN
Banditoz
1 minute ago
Does Intune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.
JonChesterfield
5 minutes ago
So gain access to a machine that can ask Microsoft Intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of CrowdStrike.
cobbzilla
12 minutes ago
My only knowledge of this company is as a manufacturer of gurneys for ambulances.

I guess they have some sensitive data on our emergency services organizations and their headquarters addresses and accounts payable people, maybe PII on signatories (officers, board members & “important people”) and whatnot.

Anyone know if it would be worse?

serf
11 minutes ago
> My only knowledge of this company is as a manufacturer of gurneys for ambulances.

they have a tremendous catalog[0].

spend time in a hospital, dental office, rehab, etc and you'll see the logo plastered across everything.

[0]: https://www.stryker.com/us/en/portfolios/medical-surgical-eq...

cobbzilla
10 minutes ago
yeah that is a lot of tech, but it’s all B2B - no consumer breach, right?
pastescreenshot
4 minutes ago
Probably worse in the boring B2B way, not the consumer-breach way. Stryker is deep in hospital operations, so the immediate risk is supply chain and support disruption rather than leaked patient data. The Krebs post says one hospital system already could not order surgical supplies, and if the Intune remote wipe detail is true, recovering internal devices and admin workflows could take a while even without any medical devices themselves being compromised.
marijan_div
7 minutes ago
Stryker is far more than ambulance gurneys. They’re one of the largest med-tech suppliers, with equipment in operating rooms, ICUs, and surgical departments everywhere.

If a wiper actually hit internal systems, the bigger concern isn’t consumer data but disruption to manufacturing, logistics, and hospital support. That kind of outage could ripple through a lot of hospitals pretty quickly.

camillomiller
6 minutes ago
Seems dire but hardly a supply chain disrupting attack. Stryker is a huge supplier but it's not as if this will debilitate the medical supply chain completely. Seems like the hackers found a door they could kick open easily and then justified the action ex-post.
selcuka
2 minutes ago
My understanding is that the aim was not to disrupt the supply chain but to harm the company itself.
bingogo
37 minutes ago
Medtech firms consistently underinvest in corporate network cybersecurity because almost all their security and compliance spending goes to device safety requirements, not IT hardening. This is exactly the kind of gap wiper attacks target.
FreakLegion
1 minute ago
This was more likely an Intune admin getting phished. Intune has a built-in wipe action: https://learn.microsoft.com/en-us/intune/intune-service/remo....