What the Stryker Incident Reveals About Handala’s Attack Playbook by Lucie Cardiet
ID: 2f868a23-89dd-5a67-ac12-491a055797e0
STIX ID: report--2f868a23-89dd-5a67-ac12-491a055797e0
Feed Name: Vectra AI Blog
On March 11, 2026, Stryker disclosed a cybersecurity incident involving disruptive, hands-on intrusion activity attributed to the Iranian-aligned group Handala (Void Manticore). Attackers reportedly abused Microsoft Intune to remotely wipe managed devices and deface login screens. They also claimed large-scale data theft (50 TB to 12 PB) and impact to over 200,000 devices; these claims remain unverified. The report outlines likely identity-based access, privilege escalation, reconnaissance, credential harvesting, data staging/exfiltration, and device-management-based destructive actions, and provides detection and response guidance.
