Handala wipes 200,000+ Stryker devices via Microsoft Intune abuse
Pro-Palestine hacktivist persona operated by the Iranian MOIS-affiliated **Void Manticore** cluster — see the parent actor entry for the full attribution chain. Named for the Naji al-Ali cartoon char…
Summary
Stryker Corporation — one of the world's largest medical-device manufacturers — disclosed a destructive intrusion that disrupted global internal networks and Microsoft systems. Iran-aligned hacktivist persona Handala (assessed by Check Point and Palo Alto Unit 42 as a MOIS-operated front under the Void Manticore umbrella) claimed responsibility, calling the operation retaliation 'for the brutal attack on the Minab school.' Open-source reporting indicates the operators abused Stryker's Microsoft Intune tenant to issue a remote device-wipe command against enrolled endpoints — a novel TTP for the persona and an early data point in a class of MDM-abuse-as-wiper attacks. Stryker confirmed the incident materially impacted Q1 2026 earnings.