The FBI has struck back against the threat actors who crippled America’s largest medical technology firm. 🛡️
Enforcement Alert · DOJ seizes four domains linked to Iranian MOIS shell personas.
In the last 24 hours, the U.S. Department of Justice announced the seizure of handala-hack[.]to and handala-redwanted[.]to. These domains were used by the Iran-linked group Handala to claim credit for a destructive malware attack against Stryker that wiped approximately 80,000 devices by exploiting Microsoft Intune.
Authorities confirmed that Handala is a shell persona for Iran’s Ministry of Intelligence and Security (MOIS). While the domains are down, the group remains active on Telegram. This disruption is part of a broader effort to neutralize “Cyber Enabled Psychological Operations” designed to terrorize U.S. infrastructure and residents.
The uncomfortable truth: Seizing domains stops the PR machine, but the underlying identity vulnerabilities that allowed the wipe of 80,000 devices remain a blueprint for future geopolitical attacks.
→ Review CISA's urgent guidance on hardening Microsoft Intune and endpoint management systems.
→ Enforce Multi-Admin Approval for high-impact actions like device wipes or global script deployments.
→ Audit all administrative logs for the creation of unauthorized accounts in Entra ID (formerly Azure AD).
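One way to run the Entra ID audit from the last item over an exported audit log, as an added example that is not part of the original post. It assumes records in the Microsoft Graph directoryAudit shape; the sample records, account names and the approved-initiator allowlist are constructed for illustration.

```python
import json

# Constructed sample shaped like Microsoft Graph directoryAudit records.
SAMPLE_AUDIT_JSON = """
[
 {"activityDateTime": "2025-01-10T08:00:00Z", "activityDisplayName": "Add user", "result": "success",
  "initiatedBy": {"user": {"userPrincipalName": "idm-provisioning@example.com"}},
  "targetResources": [{"userPrincipalName": "new.hire@example.com"}]},
 {"activityDateTime": "2025-01-10T02:13:00Z", "activityDisplayName": "Add user", "result": "success",
  "initiatedBy": {"user": {"userPrincipalName": "Helpdesk-Tmp@example.com"}},
  "targetResources": [{"userPrincipalName": "svc-backup2@example.com"}]},
 {"activityDateTime": "2025-01-10T02:15:00Z", "activityDisplayName": "Add member to role", "result": "success",
  "initiatedBy": {"user": {"userPrincipalName": "Helpdesk-Tmp@example.com"}},
  "targetResources": [{"userPrincipalName": "svc-backup2@example.com"}, {"displayName": "Intune Administrator"}]},
 {"activityDateTime": "2025-01-10T09:30:00Z", "activityDisplayName": "Update user", "result": "success",
  "initiatedBy": {"user": null, "app": {"displayName": "HR Sync"}},
  "targetResources": [{"userPrincipalName": "new.hire@example.com"}]}
]
"""

# Assumption: identities your organisation has approved to create accounts or assign roles.
APPROVED_INITIATORS = {"idm-provisioning@example.com"}
# Audit activities that create an account or grant it a directory role.
WATCHED_ACTIVITIES = {"Add user", "Add member to role"}

def initiator_of(record):
    """Return the acting user's UPN or app name; either side may be null in a record."""
    by = record.get("initiatedBy") or {}
    user, app = by.get("user") or {}, by.get("app") or {}
    return (user.get("userPrincipalName") or app.get("displayName") or "unknown").lower()

def flag_unapproved(records, approved=APPROVED_INITIATORS):
    """List successful account-creation and role-grant events made by unapproved initiators."""
    findings = []
    for rec in records:
        if rec.get("activityDisplayName") not in WATCHED_ACTIVITIES or rec.get("result") != "success":
            continue
        who = initiator_of(rec)
        if who in approved:
            continue
        targets = [t.get("userPrincipalName") or t.get("displayName")
                   for t in rec.get("targetResources") or []]
        findings.append((rec.get("activityDateTime"), rec["activityDisplayName"], who, targets))
    return sorted(findings)  # chronological, since timestamps are ISO 8601 UTC

if __name__ == "__main__":
    for finding in flag_unapproved(json.loads(SAMPLE_AUDIT_JSON)):
        print(*finding, sep=" | ")
```

An account that is created and then granted an administrative role minutes later by the same unapproved initiator, as in the constructed sample, is the pattern to escalate first.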
#Cybersecurity #Stryker #IdentitySecurity #Intune #CISO #CodeDefence
