So gain access to a machine that can ask Microsoft Intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of CrowdStrike.
Stryker is far more than ambulance gurneys. They’re one of the largest med-tech suppliers, with equipment in operating rooms, ICUs, and surgical departments everywhere.
If a wiper actually hit internal systems, the bigger concern isn’t consumer data but disruption to manufacturing, logistics, and hospital support. That kind of outage could ripple through a lot of hospitals pretty quickly.
So... did they have backups?
Wipe all data kind of seems like the best kind of cyberattack if you have backups. No data falling into wrong hands, no left behind rootkits, no ransom threats etc.
My only knowledge of this company is as a manufacturer of gurneys for ambulances.
I guess they have some sensitive data on our emergency services organizations and their headquarters addresses and accounts payable people, maybe PII on signatories (officers, board members & “important people”) and whatnot.
Anyone know if it would be worse?
So their own faulty security is now blamed on others. That's not new.
Medtech firms consistently underinvest in corporate network cybersecurity because almost all their security and compliance spending goes to device safety requirements, not IT hardening. This is exactly the kind of gap wiper attacks target.
They’ve been around for a while. Threat actors are something that I want our governments to be working on stopping. If they were capable, I would say we should run a government Project Zero but I doubt anyone would do long term service for $70k/yr when they could be making 10x-100x that.
Anyway, the bombings will have to continue till we rubble our enemies.
Seems dire but hardly a supply chain disrupting attack. Stryker is a huge supplier but it is not as if this will debilitate the medical supply chain completely. Seems like the hackers found a door they could kick open easily and then justified the action ex-post.
Related:
Iran warns U.S. tech firms could become targets as war expands
The "Fucking for Virginity" approach to infosec strikes again!
Some people on Twitter have jokingly suggested that the Iranians were looking for the maker of the Stryker military vehicle.
They are trying to hurt innocents in retaliation for the US murdering their children. I understand the sentiment, but strongly disagree with acting on it. Ukraine has done a much better (of course not perfect) job of retaliating against military targets in response to Russian war crimes.
Does Intune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.
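
The kind of check the last comment asks about, sketched as an added example (not code from the thread, and not based on any Intune API): a sliding-window circuit breaker that holds wipe requests once more than a set fraction of the fleet has been wiped, and stays latched until a second person re-arms it. The class name, thresholds, account names and simulated requests are all hypothetical and constructed for illustration.

```python
from collections import deque


class WipeCircuitBreaker:
    """Hypothetical guard placed in front of a device-management wipe action."""

    def __init__(self, fleet_size, max_fraction=0.01, window_seconds=3600):
        # Always allow at least one wipe so small fleets stay usable.
        self.limit = max(1, int(fleet_size * max_fraction))
        self.window = window_seconds
        self.recent = deque()   # timestamps of approved wipes
        self.tripped = False
        self.blocked = []       # (timestamp, actor, device_id), feeds alerting

    def request_wipe(self, now, actor, device_id):
        """Return True if the wipe may proceed, False if it is held."""
        # Drop approvals that have aged out of the sliding window.
        while self.recent and now - self.recent[0] >= self.window:
            self.recent.popleft()
        # Once tripped, the breaker stays open even after the window passes,
        # so a patient attacker cannot simply wait and resume.
        if self.tripped or len(self.recent) >= self.limit:
            self.tripped = True
            self.blocked.append((now, actor, device_id))
            return False
        self.recent.append(now)
        return True

    def reset(self, approver, requester):
        """Re-arm only when someone other than the requester approves."""
        if approver == requester:
            return False
        self.tripped = False
        self.recent.clear()
        return True


def simulate():
    # Constructed scenario: 1000 devices, 1% limit, so 10 wipes per hour.
    breaker = WipeCircuitBreaker(fleet_size=1000)
    # One admin account requests 50 wipes, one second apart.
    results = [breaker.request_wipe(t, "admin-a", f"dev-{t}") for t in range(50)]
    return breaker, results


if __name__ == "__main__":
    breaker, results = simulate()
    print("approved:", results.count(True), "held:", len(breaker.blocked))
```

The held requests in `blocked` are the useful detection signal: a burst of wipes from one account is worth an alert even when the breaker stops it.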