CISA Publishes Emergency Guidance on Microsoft Intune Security Issue

The Cybersecurity and Infrastructure Security Agency (CISA) is urging organizations to take immediate steps to strengthen the security of their Microsoft environments, with a particular focus on Microsoft Intune.

Microsoft Intune is a cloud-based endpoint management platform that enables organizations to centrally administer large numbers of devices, including laptops and mobile phones. If threat actors gain control of Intune, they can issue remote wipe commands that erase data from managed corporate systems, potentially causing widespread operational disruption.

In response to growing concerns, Microsoft recently published updated best-practice guidance aimed at improving Intune security. According to the guidance, organizations should prioritize three key measures:

  • Structuring administrative roles based on job responsibilities and enforcing the principle of least privilege
  • Implementing phishing-resistant authentication methods
  • Requiring approval from multiple administrators before making high-impact configuration changes

CISA’s advisory follows a recent cyber incident involving Stryker, a U.S.-based Fortune 500 medical technology company that reportedly suffered a breach through its internal Microsoft environment.

While Stryker has not publicly detailed the exact attack method, reports indicate that the company experienced a “global network disruption” after unauthorized access to Microsoft Intune. The attackers are believed to have compromised an administrative account and subsequently executed wipe commands that affected tens of thousands of systems and servers.

In a subsequent statement, Stryker confirmed that its products remain safe to use and outlined its recovery efforts.

“We are prioritizing the restoration of systems that directly support customers, ordering, and shipping,” the company said. “Our core transactional systems are on a clear path toward full recovery, and we will continue to provide updates as progress is made. Serving our customers and patients remains our top priority, and we appreciate their continued support and partnership.”

Responsibility for the attack has been claimed by Handala, an Iranian-linked, pro‑Palestinian hacktivist group. The group alleged that it wiped more than 200,000 systems and servers and exfiltrated 50 terabytes of what it described as critical data, resulting in the shutdown of offices across 79 countries.

According to Handala, the operation was carried out in retaliation for a deadly attack on the Minab school and in response to ongoing cyber operations targeting what the group refers to as the “Axis of Resistance.” The school attack reportedly resulted in the deaths of at least 175 people, most of whom were children.
