As we reported last week, Stryker was attacked by Iranian-backed hackers in retaliation for Israeli and U.S. strikes against Iran. It was a significant cyberattack, known as a wiper attack. A wiper attack is designed not to extort money from a victim, but instead to send a message and destroy the victim’s data to cripple its operations. Stryker was the victim of a political attack that had a significant negative effect on its business operations. It was merely conducting business and got caught in the crosshairs of an international war.

Stryker has been transparent about the incident and how it has affected its products. Being a victim of a wiper attack is bad enough. But unfortunately, it became victimized again when, while responding to the cyberattack, it was sued by a former customer service employee alleging that Stryker failed to secure data and alleging a data breach. It is confounding to me to try to understand how the plaintiff can possibly allege a data breach when the attack just happened and an investigation was just starting.

The facts surrounding the Stryker attack will continue to develop, and Stryker will no doubt comply with any legal obligations that ultimately arise from the incident. That said, it is deeply disappointing to see an opportunistic plaintiff and counsel hit Stryker before the facts are known, before any notification letters are sent (if even applicable), and while the company was down and actively responding to a significant attack.

Stryker should be allowed the time to assess what happened, respond appropriately, restore its operations, and complete its investigation before anyone determines whether a viable claim exists. Filing suit within days of the incident is premature and only serves as a distraction.

I feel particular empathy toward Stryker, as it took the hit for a political message—something that could have happened to any company. We should learn from this incident and support the company, rather than pile on while it is still working to recover.

Against the background of recent government warnings about increased cyberattacks from Iranian-backed hackers, the Irish Examiner has reported that Stryker’s site in Cork, Ireland, has been hit with a wiper attack by the Iranian-backed Handala Hacking Team.

The Stryker facility in Cork employs approximately 5,000 individuals and “has been crippled by a cyberattack” being described as a wiper attack, which wipes all of the targeted system’s data and is politically motivated.

According to the Irish Examiner, the Cork Stryker site’s IT systems have been “shut down” and Stryker employee devices have been wiped. The login pages appearing on these devices have been defaced with the Handala logo. The attack, believed to be a response to business links with Israel, has affected Stryker’s Microsoft environment.

Israeli media reports that Handala has also claimed responsibility for hacking the Academy of Hebrew Language website, and the Israeli National Cyber Directorate is trying to intercept “a wave of Iranian cyberattacks on Israeli civilian companies.”

The U.S. government has warned U.S.-based companies to be on heightened alert for Iranian-backed cyberattacks in retaliation for the strikes against Iran. This attack against Stryker makes that warning an urgent reminder to review the government’s warnings and recommended mitigation actions.

The Federal Bureau of Investigation (FBI) recently released a FLASH warning highlighting malicious cyber activity conducted by threat actors operating on behalf of Iran’s Ministry of Intelligence and Security. According to the FBI, these threat actors are using Telegram as a command-and-control infrastructure to push malware “targeting Iranian dissidents, journalists opposed to Iran, and other opposition groups around the world.” The FLASH was released “to maximize awareness of malicious Iranian cyber activity and provide mitigation strategies to reduce the risk of compromise” in light of the “elevated geopolitical climate of the Middle East and current conflict.”

The FLASH is designed to warn network defenders, and the public, of continued malicious cyber activity by Iranian-backed cyber actors, and provides the tactics, techniques, and procedures used in this malware campaign.

The FBI notes that the threat actors use Signal to deploy various malware versions to infect machines running Windows operating systems and “could be used to target any individual of interest to Iran.”

According to the FLASH, the threat actors used social engineering to masquerade as commonly used programs or services on Windows machines. After compromise, they then “connected the infected machine to Telegram command and control bots that enabled remote user access to exfiltrate screen captures or files from the victim devices.” The threat actors include Handala Hack, which claimed responsibility for the Stryker attack. Handala Hack is also linked to another entity known as “Homeland Justice.”

Iranian-backed hackers continue to pose a threat to all companies because they leverage legitimate messaging apps like Telegram (through no fault of its own) to deliver payloads and control infected machines. If you or your company uses Telegram, or another messaging app, it is imperative to understand how these legitimate tools are used maliciously by threat actors. Follow the FBI’s guidelines and educate your users about this increased risk.
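The FLASH describes implants that reach their operators through Telegram bots: the implant polls the bot for tasking and uploads screen captures or files back through the same bot. That traffic does not go to the servers the ordinary Telegram client uses; it goes over HTTPS to Telegram’s documented Bot API at api.telegram.org, with a URL path of the form /bot&lt;token&gt;/&lt;method&gt;. A network defender can therefore look for workstations calling that endpoint. The following is an added example, not code from the original post or from the FBI FLASH: a small proxy-log triage script that flags Bot API calls, redacts the bot secret, and raises the severity when one host both polls getUpdates and pushes files or messages, which is the shape the FLASH describes. The log line format, the sample lines, and the hosts and bot IDs are constructed for this example; the Bot API hostname and path format are Telegram’s documented ones.

```python
"""Triage web-proxy logs for Telegram Bot API command-and-control traffic.

Added example, not from the original post or the FBI FLASH. Legitimate
automation scripts also use the Bot API, so the output is a triage list,
not an automatic block list.
"""
import re
from dataclasses import dataclass

# Constructed proxy log format for this example:
#   <timestamp> <client_ip> <http_method> <url> <status> "<user_agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)

# Telegram Bot API URL shape: https://api.telegram.org/bot<bot_id>:<secret>/<method>
# Only the numeric bot_id is kept so the secret never ends up in a report.
BOT_API_RE = re.compile(
    r'^https?://api\.telegram\.org/bot(?P<bot_id>\d+):[A-Za-z0-9_-]+/(?P<api_method>\w+)'
)

# getUpdates is how a bot pulls tasking; the send* methods push data to the operator.
POLL_METHODS = {"getUpdates"}
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMessage"}


@dataclass
class Finding:
    ts: str
    src: str
    bot_id: str
    api_method: str
    ua: str


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def find_bot_api_traffic(lines):
    """Return a Finding for every log line whose URL is a Telegram Bot API call."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        m = BOT_API_RE.match(rec["url"])
        if m is None:
            continue
        findings.append(Finding(rec["ts"], rec["src"], m["bot_id"], m["api_method"], rec["ua"]))
    return findings


def summarize(findings):
    """Group findings by (client, bot_id) and rate them.

    A client that both polls for tasking and uploads through the same bot
    matches the C2 pattern in the FLASH and is rated high; anything else
    talking to the Bot API is rated medium for analyst review.
    """
    methods_by_key = {}
    for f in findings:
        methods_by_key.setdefault((f.src, f.bot_id), set()).add(f.api_method)
    report = {}
    for key, methods in methods_by_key.items():
        two_way = bool(methods & POLL_METHODS) and bool(methods & UPLOAD_METHODS)
        report[key] = ("high" if two_way else "medium", sorted(methods))
    return report


# Constructed sample log lines (hosts, bot IDs and token are made up).
SAMPLE_LOG = [
    '2025-06-30T09:00:01Z 10.1.2.3 GET https://www.example.com/ 200 "Mozilla/5.0"',
    '2025-06-30T09:00:02Z 10.1.2.3 POST https://api.telegram.org/bot123456789:AAExampleSecret_-Token/getUpdates 200 "python-requests/2.31"',
    '2025-06-30T09:00:05Z 10.1.2.3 POST https://api.telegram.org/bot123456789:AAExampleSecret_-Token/sendDocument 200 "python-requests/2.31"',
    '2025-06-30T09:01:10Z 10.1.2.9 POST https://api.telegram.org/bot987654321:AAOtherSecretToken/sendMessage 200 "curl/8.0"',
    '2025-06-30T09:02:00Z 10.1.2.3 GET https://web.telegram.org/ 200 "Mozilla/5.0"',
    'this line is not in the expected format',
]

if __name__ == "__main__":
    for (src, bot_id), (severity, methods) in summarize(find_bot_api_traffic(SAMPLE_LOG)).items():
        print(f"{severity.upper():6} {src} -> bot {bot_id}: {', '.join(methods)}")
```

The script reports 10.1.2.3 as high (it polls getUpdates and calls sendDocument through the same bot) and 10.1.2.9 as medium (a single sendMessage, which is just as likely an internal alerting script). Ordinary Telegram client traffic to web.telegram.org is ignored, since the FLASH is about bot-based control, not about the messaging app itself.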