Handala's latest is a dump allegedly of Ron Prosor's emails; they originally mentioned him 8 days ago.
-
Handala appear to have fully wiped a company called Stryker, a global healthcare company.
Not in the link, but they've got into AD and wiped all the devices with Intune, etc.
Stryker cyber attack - Irish unable to work as hackers cripple global systems
All IT systems at Stryker, which employs 4,000 people in its Cork base, remain down.
Irish Mirror (www.irishmirror.ie)
Some more on Stryker situation.

-
Handala have claimed responsibility to me, saying they wiped about a quarter of a mil endpoints. They say it’s because of the strike on a girls’ primary school in Minab, in Iran’s Hormozgan province, which killed close to 200 people.
-
There’s an entire thread tracking Handala above btw; it goes back multiple years. Some bits need you to follow links to the thread, as I broke it.
Their MO is break in, lay low for months, and when the target is interesting, exfiltrate data and then delete everything including org backups. They pivot to domain admin early and then sit on access for later. They live off the land and live off org IT documentation.
-
Handala have claimed responsibility to me, saying they wiped about a quarter of a mil endpoints. They say it’s because of the strike on a girls’ primary school in Minab, in Iran’s Hormozgan province, which killed close to 200 people.
Yikes! That's a lot of endpoints and associated servers and other infrastructure.
I wonder if they will be able to recover? Particularly if the backups are gone and there are no others in cold storage somewhere.
As they have discovered, blowback can be painful and expensive or even unrecoverable.