Discussion
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
cobbzilla: My only knowledge of this company is as a manufacturer of gurneys for ambulances. I guess they have some sensitive data on our emergency services organizations and their headquarters addresses and accounts payable people, maybe PII on signatories (officers, board members & “important people”) and whatnot. Anyone know if it would be worse?
serf: >My only knowledge of this company is as a manufacturer of gurneys for ambulances.
they have a tremendous catalog[0]. spend time in a hospital, dental office, rehab, etc and you'll see the logo plastered across everything.
[0]: https://www.stryker.com/us/en/portfolios/medical-surgical-eq...
Banditoz: Does Intune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.
bingogo: Medtech firms consistently underinvest in corporate network cybersecurity because almost all their security and compliance spending goes to device safety requirements, not IT hardening. This is exactly the kind of gap wiper attacks target.
FreakLegion: This was more likely an Intune admin getting phished. Intune has a built-in wipe action: https://learn.microsoft.com/en-us/intune/intune-service/remo....
camillomiller: Seems dire but hardly a supply chain disrupting attack. Stryker is a huge supplier but it's not as if this will debilitate the medical supply chain completely. Seems like the hackers found a door they could kick open easily and then justified the action ex-post.
selcuka: My understanding is that the aim was not to disrupt the supply chain but to harm the company itself.
cobbzilla: yeah that is a lot of tech, but it’s all B2B- no consumer breach, right?
pastescreenshot: Probably worse in the boring B2B way, not the consumer-breach way. Stryker is deep in hospital operations, so the immediate risk is supply chain and support disruption rather than leaked patient data. The Krebs post says one hospital system already could not order surgical supplies, and if the Intune remote wipe detail is true, recovering internal devices and admin workflows could take a while even without any medical devices themselves being compromised.
JonChesterfield: So gain access to a machine that can ask microsoft intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of crowdstrike.
marijan_div: Stryker is far more than ambulance gurneys. They’re one of the largest med-tech suppliers, with equipment in operating rooms, ICUs, and surgical departments everywhere. If a wiper actually hit internal systems, the bigger concern isn’t consumer data but disruption to manufacturing, logistics, and hospital support. That kind of outage could ripple through a lot of hospitals pretty quickly.
duskdozer: If they're a primary regional supplier, it could have a huge impact. It doesn't have to break the entire country to matter.
bitwize: The "Fucking for Virginity" approach to infosec strikes again!
jamesmishra: Some people on Twitter have jokingly suggested that the Iranians were looking for the maker of the Stryker military vehicle. https://en.wikipedia.org/wiki/Stryker
Drupon: Yeah dumbasses regularly post nonsense on Elon's X™
fartfeatures: I'm pretty sure that is not exclusive to X.
LPisGood: Can you elaborate what you mean? Are you referring to a paradigm where people make their systems less secure in the effort to make them more secure?
ChrisArchitect: Related: Iran warns U.S. tech firms could become targets as war expands https://news.ycombinator.com/item?id=47341007
trhway: Well, time to dust off anti-drone defense systems. Today on NPR they talked about how Iran plans to launch drones from ships into California. Dovetailing with the parent - what are the chances that Iran would target all those FAANG offices in MV a mile or 2 from my home...