Iran-linked Handala Hack (MOIS-affiliated) breached medical device provider Stryker, deleting a huge trove of company data and wiping thousands of employee devices. Initial access was gained with compromised credentials, likely obtained through infostealer malware or phishing, which the group then used to reach administrative access in Microsoft Intune. The group also separately leaked personal emails of FBI Director Kash Patel.
Initial Access
Phishing for Access
likely
Handala Hack likely gained initial access to Stryker's environment by exploiting identity through phishing campaigns or using compromised credentials obtained via infostealer malware.
Defender cut points
Enforce phishing-resistant MFA on all accounts
Deploy EDR to detect infostealer malware and credential theft attempts