Hackers Use Remote Wipe Tool to Knock Out U. S. Medical Device Maker

A cyberattack linked to an Iran‑tied group struck Stryker, a major U.S. medical technology firm, just after midnight on Wednesday. Employees discovered their work phones and laptops were suddenly unusable, revealing a disruption in parts of the company’s Microsoft environment—though no ransomware was detected.

How It Happened

• Access Point: Hackers penetrated Stryker’s Microsoft Intune console, the tool used to manage corporate devices.
• Action Taken: Inside the console, they triggered remote‑wipe commands that erased device data and reset equipment to factory settings.
• Impact: The wipe shut down many operations, forcing Stryker to activate business‑continuity measures while systems are restored.

Claim of Responsibility

The group that claimed responsibility posted on Telegram and X. While they suggested retaliation for a recent event in Iran, independent verification is lacking. Their claim highlights how geopolitical tensions can spill over into corporate cyber‑attacks.

Context and Historical Precedent

• Iranian “Wiper” Attacks: Known for destructive wipers such as the 2012 assault on Saudi Aramco and a 2014 attack on Sands Casino.
• Shift in Tactics: Recent Iranian actor incidents focus mainly on espionage; this Stryker case may signal a shift toward more aggressive tactics targeting critical infrastructure.

Lessons Learned

1. Administrative Tools Are Weapons – Even routine management tools can become attack vectors if compromised.
2. Broader Threat Landscape: Small businesses, hospitals, and individual users are at risk if similar methods spread.
3. Defensive Measures:
   • Use strong, unique passwords
   • Enable two‑factor authentication (2FA)
   • Perform regular backups
   • Deploy reliable antivirus and endpoint protection

Staying alert to new attack methods is crucial. If you’re worried about what would happen if your devices were wiped overnight, consider reviewing your security posture now. Preparing in advance can mean the difference between a quick recovery and a prolonged outage.