Does InTune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.
This raises the question: Are mass layoffs less frequent than a company's MS administrator account getting hacked?
Everything is obvious in hindsight
And to be clear, SCCM and Intune are a gun.
MS will not stop you from blowing your foot off with the gun.
Remember https://www.itprotoday.com/windows-7/aggressive-configmgr-ba... ?
> During TechEd 2014, Emory University's IT department prepared and deployed Windows 7 upgrades to the campus's computers. If you've worked with ConfigMgr at all, you know that there are checks-and-balances that can be employed to ensure that only specifically targeted systems will receive an OS upgrade. In Emory University's case, the check-and-balance method failed and instead of delivering the upgrade to applicable computers, delivered Windows 7 to ALL computers including laptops, desktops, and even servers.
That ANY kind of config change should be rate-limited has been pretty obvious and hammered on in SRE manuals for at least 10 years.
And who sets the limits? MS? What if a company WANTS to wipe their entire fleet?
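One way to build the "if over 1% of devices are wiped in a window, stop new wipe requests" check discussed above, as an added example that is not Intune's code or a feature it ships; the audit-record shape, the field names and the WipeCircuitBreaker class are assumptions. The tenant sets the limit, and an explicit break-glass approval covers the case where a company really does want to wipe its whole fleet:

```python
"""Hypothetical sliding-window circuit breaker for MDM remote-wipe requests."""
from collections import deque
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
import json

# Constructed sample audit events in a simplified, hypothetical JSON-lines shape.
# These are NOT real Intune audit records; the field names are assumptions.
# 12 wipes from one admin account two minutes apart, then one unrelated "retire".
SAMPLE_AUDIT_LOG = "\n".join(
    json.dumps({"ts": f"2026-03-11T09:{m:02d}:00Z", "actor": "admin@example.test",
                "action": "wipe", "device": f"LAPTOP-{i:04d}"})
    for i, m in enumerate(range(0, 24, 2))
) + "\n" + json.dumps({"ts": "2026-03-11T09:25:00Z", "actor": "admin@example.test",
                       "action": "retire", "device": "LAPTOP-0099"})


def parse_events(text):
    """Yield audit records with the timestamp parsed into an aware datetime."""
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(
            tzinfo=timezone.utc)
        yield rec


@dataclass
class WipeCircuitBreaker:
    fleet_size: int
    max_fraction: float = 0.01             # tenant-chosen: 1% of the fleet per window
    window: timedelta = timedelta(hours=1)
    tripped: bool = False
    _recent: deque = field(default_factory=deque)   # timestamps of approved wipes

    @property
    def limit(self) -> int:
        # Small epsilon guards against float rounding; never allow a limit of 0.
        return max(1, int(self.max_fraction * self.fleet_size + 1e-9))

    def decide(self, event, break_glass=False):
        """Return (allowed, reason). Actions other than 'wipe' pass through untouched."""
        if event["action"] != "wipe":
            return True, "not a wipe"
        ts = event["ts"]
        # Drop approvals that have aged out of the sliding window.
        while self._recent and ts - self._recent[0] > self.window:
            self._recent.popleft()
        if break_glass:
            # Intentional fleet-wide wipe: a separate, explicit approval bypasses the breaker.
            self._recent.append(ts)
            return True, "break-glass approval"
        if self.tripped:
            return False, "breaker tripped; manual reset required"
        if len(self._recent) >= self.limit:
            # This request would push the window over the limit: trip and deny.
            self.tripped = True
            return False, f"{len(self._recent)} wipes in window already at limit {self.limit}"
        self._recent.append(ts)
        return True, "within limit"


def run(log_text, fleet_size=1000):
    """Replay an audit log through the breaker; return the breaker and per-event decisions."""
    breaker = WipeCircuitBreaker(fleet_size=fleet_size)
    results = []
    for ev in parse_events(log_text):
        allowed, reason = breaker.decide(ev)
        results.append((ev["device"], ev["action"], allowed, reason))
    return breaker, results


if __name__ == "__main__":
    breaker, results = run(SAMPLE_AUDIT_LOG)
    for device, action, allowed, reason in results:
        print(f"{device:12} {action:7} {'ALLOW' if allowed else 'DENY ':5} {reason}")
```

With a fleet of 1000 the limit is 10 per hour, so the first ten wipes are approved, the eleventh trips the breaker, and the twelfth is refused while the unrelated retire action still goes through.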
So gain access to a machine that can ask Microsoft Intune to eviscerate the company, ask it to do so, done. Bit of a shame all the machines had that installed really. Reminds me of CrowdStrike.
The company should have known better than to trust their IT infrastructure to Microslop. This is their own fault.
My 95% bet is that the attacker just gained access to an account with suitable privileges and then went on to use existing automation. The fact that it's Intune is largely irrelevant - I'm not aware of any safeguards that any provider would implement.
So the options here are MDM or no MDM and that’s a hard choice. No MDM means that you have to trust all people to get things as basic as FDE or a sane password policy right. No option to wipe or lock lost devices. No option to unlock devices where people forgot their password. Using an MDM means having a privileged attack vector into all machines.
What alternative to Intune and, hell, the entire Office 365 suite that it is in, do you have?
Gsuite + Slack I guess. lmao. As if that is better.
Looking forward to your reply.
> Bit of a shame all the machines had that installed really.
Are you new to Windows sysadmin stuff? Or you have 0 idea whatsoever and you are just vibein?
How else are we supposed to deploy/push programs and settings and in the past over SCCM, an entire OS, if the machines don't have it installed?
This is also how your precious Linux tools Ansible and Puppet work btw.
And MDMs like Mosyle for OSX. They need it installed. Because IT needs to keep check on updates and settings and programs. But I suspect you are a rockstar dev and don't need no IT.
Go on, I'll wait.
mmm yeaaah just downvote me instead. Hide the wrongthink. You people need to not be so sure of yourselves.
Stryker is far more than ambulance gurneys. They’re one of the largest med-tech suppliers, with equipment in operating rooms, ICUs, and surgical departments everywhere.
If a wiper actually hit internal systems, the bigger concern isn’t consumer data but disruption to manufacturing, logistics, and hospital support. That kind of outage could ripple through a lot of hospitals pretty quickly.
Never add your personal device to a company's MDM…
Never use your personal device for work, you wanted to say, probably.
The only maybe grey area is to only use it as an authenticator. But yes, even then the company needs to provide this; a cheap phone works.
So... did they have backups?
Wipe all data kind of seems like the best kind of cyberattack if you have backups. No data falling into wrong hands, no left behind rootkits, no ransom threats etc
> No data falling into wrong hands, no left behind rootkits, no ransom threats etc
You won't necessarily be able to know that the data hasn't already been exfiltrated and that the backups aren't post-compromise. Or that by restoring the backup you won't get back to the state that allowed them to get in in the first place.
My only knowledge of this company is as a manufacturer of gurneys for ambulances.
I guess they have some sensitive data on our emergency services organizations and their headquarters addresses and accounts payable people, maybe PII on signatories (officers, board members & “important people”) and whatnot.
Anyone know if it would be worse?
> My only knowledge of this company is as a manufacturer of gurneys for ambulances.
they have a tremendous catalog[0].
spend time in a hospital, dental office, rehab, etc and you'll see the logo plastered across everything.
[0]: https://www.stryker.com/us/en/portfolios/medical-surgical-eq...
yeah that is a lot of tech, but it’s all B2B- no consumer breach, right?
Probably worse in the boring B2B way, not the consumer-breach way. Stryker is deep in hospital operations, so the immediate risk is supply chain and support disruption rather than leaked patient data. The Krebs post says one hospital system already could not order surgical supplies, and if the Intune remote wipe detail is true, recovering internal devices and admin workflows could take a while even without any medical devices themselves being compromised.
so maybe more hospitals shutdown from ransomware attacks coming?
Medtech firms consistently underinvest in corporate network cybersecurity because almost all their security and compliance spending goes to device safety requirements, not IT hardening. This is exactly the kind of gap wiper attacks target.
This was more likely an Intune admin getting phished. Intune has a built-in wipe action: https://learn.microsoft.com/en-us/intune/intune-service/remo....
That's a shame, they make impressive products
The shame is that could be entirely avoided, if Israel hadn't extorted(?) Trump into invading Iran.
See, here is what I've observed. I don't expect to change your POVs. Nevertheless...
The issue started when Israel was ready to have recognition from Saudi Arabia on their statehood. This would make Hamas irrelevant. And puts Sunnis (Iran) lesser recognised. Meanwhile Shias (Saudi) will become the de facto in the Muslim world and half of the Muslim world would either tolerate or be OK with Israel. Hamas's attack on Israel on Oct 7 stopped that. Hamas has been supported by Iran for a long time. So in the whole Gaza - Israel thing, Iran was backing Hamas. Then they proxied with them by providing assistance. Then they eventually directly got involved.
You need to understand, there was a good period of peace between Israel & Palestine until Oct 7.
While I reject US toppling govts around the world, Iran's hand is not clean in this one. But also, US thought this would be as easy as Venezuela and killing Iran's leader would stop this. Interfering in other countries' biz has consequences. And in this case, it's true for Iran & US.
> You need to understand, there was a good period of peace between Israel & Palestine until Oct 7.
Yes, in the year before Oct 7 alone the Israeli army had only killed about 40 Palestinian children.
Sure, if you consider Israel killing several hundred Palestinians each year and having a thousand hostages, sorry, "administrative detainees" indefinitely incarcerated without charge as they continued to colonize Palestinian land peaceful.
Pretty sure you have your Sunni and Shia confused there.
> Sunnis (Iran)…Shia (Saudi)
These are reversed
Mowing the lawn and stealing land in the west bank is what you call peace?
Israel even killed Iran's negotiators last year when they were getting close to a deal. This situation is engineered, Netanyahu has wanted this for decades.
> You need to understand, there was a good period of peace between Israel & Palestine until Oct 7.
What a disgusting and patronizing rewriting of history. This "peace" was enforced by ongoing occupation of Palestine and abuse of the people living there.
I have no idea why you would assume Israel had to resort to extortion to get Trump to help them bomb Iran. We bombed Venezuela a few weeks ago, no extortion required.
It's far more likely he did it because Hegseth thought it would be more manly or something more ego driven than extortion. More likely it's just another example of flooding the zone to forget about the Epstein files and the stagnating economy.
I am thinking the theories are true because of the much larger negative repercussions of that action.
They are strengthening the regime (US intelligence services were aware of that before the attack and had informed the president), they are destabilizing all their oil producers, they are risking great economic cost.
It only makes sense if indeed they either extorted him, or if he is indeed demented / deranged.
Related:
Iran warns U.S. tech firms could become targets as war expands
https://news.ycombinator.com/item?id=47341007
Well, time to dust off anti-drone defense systems. Today on NPR they talked that Iran plans to launch drones from ships into California.
https://www.10news.com/news/local-news/authorities-warn-of-p...
Fox News drone expert:
https://nypost.com/2026/03/11/us-news/iran-could-use-drones-...
> Fox News [...] expert [...] nypost.com
surely a New York Post article quoting a Fox News "expert" will be factual, unbiased and not at all an attempt to pour more oil into the fire and manufacture consent to bomb a couple more girls' schools.
Sounds like justification for a false flag operation by the US government. How would they transport these massive things and launch them on a different continent? That, or the US is trying to justify that this illegal war is on their doorstep and needs to expand their terror.
The drones Iran is using are actually relatively small, you can fit 5 of them into a medium sized truck and they can launch in-situ, which is how they've been using them in ground operations. Doesn't seem that much of a stretch to put a bunch of them into shipping containers.
"Reichstag fire" attempts are definitely a legitimate concern. But as Ukraine has demonstrated, all you need to get a drone army deep into a country attacking you is a regular shipping container.
We never did find out what those drones in New Jersey in 2024 were, did we? One Republican congressman seemed convinced at the time that he'd been informed:
BBC: Mystery New Jersey drones not from Iranian 'mothership' - Pentagon
https://www.bbc.com/news/articles/crrwz91wqd9o
It's certainly a theory / narrative that keeps appearing in the media.
They were flying over military installations, if they were anyone else's drones, they would have been shot down like the weather balloons that spook the government from time to time.
They were Palantir apparently.
I feel like that's not realistic, why would they launch drones to California rather than some place like DC or NY. It's a long distance.
I don't even think they'd launch drones to DC either, they seem to be all in on attacking oil infrastructure as well as US bases & defense systems in the Middle East, rather than America.
> why would they launch drones to California rather than some place like DC or NY. It's a long distance.
Because they allegedly have a ship already in the Pacific loaded with drones.
DC and NY are way too far from Iran to launch any kind of attack; the only attack they can possibly do is from a ship, and ships can be anyplace where there's deep enough water.
> Iran plans to launch drones from ships into California
That does not make any sense to me. Does Iran have a bunch of ships in the Pacific? Why? How would they even get close enough to the US coast without being noticed at this point?
I'm not saying it's not true, I just don't understand.
If they were going to do it, it would probably look a lot like Ukraine's spiderweb attack.
However if they were going/able to do it, they probably wouldn't warn everyone and ruin the element of surprise, they would just do it.
I’ve been seeing stuff saying China is a big customer of Iranian oil, so maybe there are oil tankers heading to China from Iran. No idea if that is actually the case though. I wonder if that Flexport shipping map that was shared here recently has any info?
Yeah that makes no sense. Only thing I've heard is they have connections to some cartels in South America. Venezuela is gone but I suppose they could hire some local talent and get close enough?
Seems like a really dumb idea right now, unless maybe as a last resort if Trump decides to drop tactical nukes or something
Seems dire but hardly a supply chain disrupting attack. Stryker is a huge supplier but it's not as if this will debilitate the medical supply chain completely. Seems like the hackers found a door they could kick open easily and then justified the action ex-post.
If they're a primary regional supplier, it could have a huge impact. It doesn't have to break the entire country to matter.
My understanding is that the aim was not to disrupt the supply chain but to harm the company itself.
So their own faulty security is now blamed on others. That's not new.
They’ve been around for a while. Threat actors are something that I want our governments to be working on stopping. If they were capable, I would say we should run a government Project Zero but I doubt anyone would do long term service for $70k/yr when they could be making 10x-100x that.
Anyway, the bombings will have to continue till we rubble our enemies.
We had a government agency working on stopping threat actors, the Cybersecurity & Infrastructure Security Agency, but then DOGE ruined it. Now it’s a shell.
So the role they were fulfilling is gone entirely? What was it?
The "Fucking for Virginity" approach to infosec strikes again!
Can you elaborate what you mean?
Are you referring to a paradigm where people make their systems less secure in the effort to make them more secure?
Yes, exactly. In the realpolitik of organizational IT security, there's less of an emphasis on making systems more resilient to attack, much more of an emphasis on having an audit trail, so that in case the company is sued over a data breach they can claim "we did the very best that could be reasonably expected of us with the knowledge we had at the time" and provide receipts to back up that claim. Implicit in that claim is also "we used the same tools that everyone else is using so you can't blame us specially for unwittingly choosing something vulnerable to compromise". Hence the proliferation of shitty single-point-of-failure "endpoint security" software that leads to events like the 2024 Clownstrike incident.
I think this refers to "bombing for peace". Sure the West should have just let Iran nuke whoever it wanted.
Nuclear weapons are a MAD red line that will result in total annihilation of the attacker. They are only useful in a defensive capacity.
This kind of aggression, however, does seem to make their value as a deterrent clear.
Observe how nobody is fucking with North Korea like they did with Iraq or Venezuela.
> Nuclear weapons are a MAD red line that will result in total annihilation of the attacker. They are only useful in a defensive capacity.
Also in a "if I'm going down, everyone else is going down with me" capacity, which is Iran's strategy in this war (for good reasons). If the IRGC had nukes, and was severely threatened (like, killing the Supreme Leader and threatening to kill all of the replacements until they bend to the US/Israel will), they might have decided to go out "with style".
Isn't this exactly what the Samson Option represents?
Nothing geopolitical about it in the sense I intended, except as a reference to the Vietnam-era catchphrase. It's simply a case of "putting spyware on everybody's corporate PC for security is like fucking for virginity".
Iran wasn't going to nuke anyone.
They want Islam to dominate the world, that can't happen if there isn't a world left to dominate.
Some people on Twitter have jokingly suggested that the Iranians were looking for the maker of the Stryker military vehicle.
https://en.wikipedia.org/wiki/Stryker
Yeah dumbasses regularly post nonsense on Elon's X™
I'm pretty sure that is not exclusive to X.
They are trying to hurt innocents in retaliation for the US murdering their children. I understand the sentiment, but strongly disagree with acting on it. Ukraine has done a much better (of course not perfect) job of retaliating against military targets in response to russian war crimes.
That’s not the motivation for these attacks at all. They’re waging asymmetric warfare against a much larger and more exposed opponent.
Their goal is to make it too troublesome for the US/Israel to continue attacking them, like a swarm of bees attacking a bear to keep it away from their honey.
Iran is in it to win it and the US is so very obviously not.
The question is if the pressure that Israel can put on the current administration greater than the pressure that Iran can put on America as a whole.
Time will tell.
I'm sure that if Iran had the backing of the Western world, and had their surplus of armaments funneled its way, it would be bombing army bases and refineries and airfields and factories and port facilities in the US.
Unlike Ukraine, it does not, so it seems to be focusing on cyber vandalism and blowing up oil infrastructure in US vassal states, and other low-cost, high-ROI activities.