Secure your Microsoft system or suffer the same fate as Stryker – US tells companies to secure corporate accounts
CISA says hackers are actively seeking targets
By Sead Fadilpašić, TechRadar News, published 19 March 2026
- CISA warns US firms after Stryker Intune wipe
- Urges stronger endpoint management configs, least privilege, MFA, multi-admin approvals
- FBI and Microsoft coordinating to counter Handala-linked Iranian hacktivists
The US Cybersecurity and Infrastructure Security Agency (CISA) is urging businesses in the country to harden their endpoint management system configurations and avoid suffering the same fate as Stryker.
If you haven’t been paying attention, an Iranian hacking collective called Handala broke into Stryker, allegedly stole 50 terabytes of data, and then used a compromised Microsoft Intune admin account to wipe almost 80,000 company devices in just a few hours.
The company was literally forced to operate on pen and paper due to the severity of the disruption.
Defending against Handala
Earlier this week, CISA issued a new alert, saying it is “aware of malicious cyber activity targeting endpoint management systems of US organizations based on the cyberattack against Stryker”. It urged businesses to bolster their defenses using Microsoft’s recommendations, and stressed it was coordinating with the FBI to identify additional threats.
Microsoft’s recommendations include:
- Applying the principle of least privilege to admin roles
- Using Intune’s role-based access control to assign minimum permissions necessary
- Enforcing phishing-resistant multi-factor authentication
- Using Microsoft Entra ID to block unauthorized access
- Configuring access policies to require Multi Admin Approval in Microsoft Intune
- Setting up policies that require a second admin account’s approval for sensitive and high-impact changes
“The principles of these recommendations can be applied to Intune and more broadly to other endpoint management software,” CISA added.
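A defender's check built on the recommendations above, as an added example that is not from TechRadar, CISA or Microsoft: it audits a constructed admin inventory for accounts that can issue destructive actions without scoping, phishing-resistant MFA or a second approver. The record layout, field names, permission strings and MFA labels are assumptions and do not reflect Intune's actual schema.

```python
# Added example. All field names and values below are hypothetical; map them
# to whatever your endpoint management tool actually exports.

PHISHING_RESISTANT = {"fido2", "windows_hello", "certificate"}
HIGH_IMPACT = {"wipe", "retire", "delete_device"}

# Constructed sample inventory of admin role assignments.
ADMINS = [
    {"upn": "helpdesk1@example.com", "permissions": {"read", "sync"},
     "scope": "group:helpdesk-emea", "mfa": {"authenticator_push"}},
    {"upn": "ops-admin@example.com", "permissions": {"read", "wipe", "retire"},
     "scope": "all_devices", "mfa": {"sms"}},
    {"upn": "fleet-lead@example.com", "permissions": {"read", "wipe"},
     "scope": "group:kiosks", "mfa": {"fido2"}},
]
# Constructed: actions that currently need a second admin's approval.
APPROVAL_REQUIRED = {"delete_device"}


def audit(admins, approval_required):
    """Return (upn, finding, detail) for every admin holding destructive rights."""
    findings = []
    for a in admins:
        risky = a["permissions"] & HIGH_IMPACT
        if not risky:
            continue  # account cannot issue destructive actions
        if a["scope"] == "all_devices":  # least privilege: role is not scoped
            findings.append((a["upn"], "unscoped", sorted(risky)))
        if not (a["mfa"] & PHISHING_RESISTANT):  # only phishable factors enrolled
            findings.append((a["upn"], "weak_mfa", sorted(a["mfa"])))
        ungated = risky - approval_required  # no second approver on these actions
        if ungated:
            findings.append((a["upn"], "no_second_approver", sorted(ungated)))
    return findings


def blast_radius(admins, approval_required):
    """Accounts whose compromise alone could wipe the whole fleet."""
    return sorted(a["upn"] for a in admins
                  if a["scope"] == "all_devices"
                  and "wipe" in a["permissions"]
                  and "wipe" not in approval_required)


if __name__ == "__main__":
    for finding in audit(ADMINS, APPROVAL_REQUIRED):
        print(finding)
    print("single-account fleet wipe:", blast_radius(ADMINS, APPROVAL_REQUIRED))
```

Any account returned by `blast_radius` is a single point of failure of the kind described in the Stryker incident; gating `wipe` behind a second approver empties that list even before roles are rescoped.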
Although it is not confirmed, many security researchers believe the attack on Stryker is the result of US and Israeli aggression against Iran. Handala claimed that in its operation “over 200,000 systems, servers, and mobile devices have been wiped, and 50 terabytes of critical data have been extracted.”