Epic Fury Update: Stryker Attack Highlights Handala's Shift from Espionage to Disruption
ID: 1a1c15be-a59c-5112-b2b9-b45ad0c7a6a4
STIX ID: report--1a1c15be-a59c-5112-b2b9-b45ad0c7a6a4
Feed Name: LevelBlue SpiderLabs Blog
LevelBlue reports that on March 11, 2026, Stryker experienced a global cyberattack impacting its Microsoft environment, for which the Iran-linked Handala Hack Team claimed responsibility. The attackers appear to have abused Intune/MDM admin access (and used a custom wiper) to remotely wipe or disable managed devices worldwide, creating major operational and business-continuity risk for the medical-technology firm. The report assesses Handala as an Iran-aligned persona/APT, outlines likely initial-access methods (phishing, session hijacking, valid account abuse), documents observed destructive techniques, and recommends identity- and privilege-focused mitigations (phishing-resistant MFA, least privilege, dedicated admin workstations, device recovery testing). LevelBlue, for its part, elevates monitoring and incident response readiness.
