CISO Security Intel

Iran-linked wipers/APTs (Handala Stryker/CanisterWorm); NK Lazarus resurgences

Key Questions

What is the Handala attack on Stryker?

The Iran-linked Handala group conducted Intune-driven wipes targeting Stryker, affecting 200,000 devices on March 11 and marking the first US healthcare 'war hit'. Scammers are also exploiting the Iran war context. CISA recommends Intune hardening.

What is CanisterWorm?

CanisterWorm is linked to attacks against Iran and is part of the escalating Iran-linked APT and wiper activity in the US and the Middle East. It targets healthcare and other sectors. Air gaps and MDM role-based access control (RBAC) are the advised mitigations.

How are Iranian proxies involved in recent threats?

Iranian proxies are ramping up activity, alongside FBI warnings on China and Middle East threats. This includes wipers and APTs exploiting the conflict. Zero trust, supplier hygiene, and cryptocurrency threat intelligence are the key defenses.

Is North Korea's Lazarus Group behind the Drift Protocol exploit?

The $285M Drift Protocol exploit is speculated to be the work of North Korea's Lazarus Group (UNC1069), involving months of preparation and linked to Axios activities. It follows a resurgence in North Korean threat activity. Monitor cryptocurrency threat intelligence closely.

How are scammers exploiting the Iran war?

Scammers are leveraging the Iran war for phishing and fraud, costing billions annually according to Consumer Federation reports. This ties into broader Iran-linked threats such as Handala. Strengthen security hygiene and awareness training.

Summary: Handala Intune wipes (Stryker, 200,000 devices, March 11, US healthcare); CanisterWorm against Iran; CISA Intune hardening; Iranian proxies and FBI warnings on China and Middle East threats; North Korea's Lazarus Group and the $285M Drift Protocol DeFi exploit (social engineering, UNC1069, Axios). Mitigations: air gaps, MDM RBAC, supplier hygiene, zero trust, security hygiene, cryptocurrency threat intelligence.

Updated Apr 8, 2026