The FBI has struck back against the threat actors who crippled one of the largest medical technology firms. 🛡️
Enforcement Alert · DOJ seizes four domains linked to Iranian MOIS shell personas.
In the last 24 hours‚ the U.S. Department of Justice announced the seizure of handala-hack[.]to and handala-redwanted[.]to. These domains were used by the Iran-linked group Handala to claim credit for a destructive malware attack against @[Stryker](urn:li:organization:1592) that wiped approximately 80‚000 devices by exploiting @[Microsoft](urn:li:organization:1035) Intune.
Authorities confirmed that Handala is a shell persona for Iran Ministry of Intelligence and Security ❨MOIS❩. While the domains are down‚ the group remains active on Telegram. This disruption is part of a broader effort to neutralize Cyber Enabled Psychological Operations designed to terrorize infrastructure and residents.
The uncomfortable truth: Seizing domains stops the PR machine‚ but the underlying identity vulnerabilities that allowed the wipe of 80‚000 devices remain a blueprint for future geopolitical attacks.
→ Review @[CISA](urn:li:organization:13010360) urgent guidance on hardening Microsoft Intune and endpoint management systems.
→ Enforce Multi-Admin Approval for high-impact actions like device wipes or global script deployments.
→ Audit all administrative logs for the creation of unauthorized accounts in Entra ID ❨formerly Azure AD❩.
#Cybersecurity #Stryker #IdentitySecurity #Intune #CISO #CodeDefence