Stryker Hack: What We Know So Far

This report describes the March 11, 2026 Stryker incident attributed to the Iranian-linked Handala Hack Team, in which attackers reportedly gained Global Administrator access to the company’s Microsoft environment, used Intune to remotely wipe thousands of enrolled devices (reports cite ~80,000 affected) and claimed exfiltration of up to 50TB; the analysis highlights exposed credentials observed in telemetry prior to the incident, discusses possible MFA bypass methods, summarizes the group’s tactics and follow-on activity, and provides defensive recommendations and Outpost24 product guidance.