Stryker Wiper Attack and Apple's Coruna Exploit Fixes [Prime Cyber Insights]
Prime Cyber Insights


Episode E1175
March 12, 2026
03:25
Hosts: Neural Newscast
News
Stryker
Handala
Wiper Attack
Microsoft Intune
Apple Security
Coruna Exploit Kit
iOS 15
Healthcare Cybersecurity
Void Manticore
PrimeCyberInsights


Episode Summary

This briefing analyzes a massive disruptive event at medical technology giant Stryker, where the Iran-linked group Handala claims to have wiped data across 200,000 systems globally. We examine reports that the attackers utilized Microsoft Intune to issue remote wipe commands, leading to significant operational shutdowns in Ireland and the United States. The episode also covers Apple's critical security backports for legacy iOS and iPadOS devices. These updates address vulnerabilities targeted by the 'Coruna' exploit kit, a sophisticated framework with 23 exploits and alleged ties to global exploit brokers and previous campaigns like Operation Triangulation. Our analysis focuses on the risks to healthcare supply chains and the persistent threat to older mobile infrastructure.


Show Notes

Today on Prime Cyber Insights, we examine a significant disruptive event at medical technology giant Stryker, where an Iran-linked group known as Handala claims to have wiped data across 200,000 systems. We analyze the reported use of Microsoft Intune to facilitate this attack and the resulting impact on hospital supply chains, including disruptions to EMS heart attack diagnostic systems. We also cover Apple's decision to backport security updates for older iOS and iPadOS devices. These patches address vulnerabilities exploited by the Coruna exploit kit, a sophisticated framework with ties to global exploit brokers and previous high-profile campaigns. This briefing provides the technical context necessary for practitioners to assess these evolving threats to critical infrastructure and legacy mobile systems.

Topics Covered

  • 🚨 Stryker network disruption and Handala's wiper claims
  • 🛠️ Analysis of Microsoft Intune's role in remote system wiping
  • 🏥 Impact on healthcare supply chains and EMS protocols
  • 📱 Apple's backported security patches for legacy iOS devices
  • 🕵️ The Coruna exploit kit and its links to Operation Triangulation

Disclaimer: The information provided is for educational purposes only and does not constitute professional security advice.

Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.

  • (00:11) - Introduction
  • (00:19) - Stryker Wiper Attack Analysis
  • (00:32) - Apple Patches Coruna Exploit Kit
  • (01:34) - Conclusion

Transcript

[00:00] Announcer: From Neural Newscast, this is Prime Cyber Insights, Intelligence for Defenders, Leaders, and Decision Makers.
[00:11] Announcer: Welcome to the Briefing Room. I'm Aaron Cole, and this is Prime Cyber Insights for March 12, 2026.
[00:19] Aaron Cole: I'm Lauren Mitchell. We lead today with a major disruption at medical technology giant Stryker.
[00:25] Aaron Cole: Handala, an Iran-linked hacktivist group, is claiming responsibility for a massive data
[00:31] Aaron Cole: wiping attack.
[00:32] Announcer: The claims are significant, Lauren.
[00:34] Announcer: Handala, which researchers at Palo Alto Networks linked to Iran's Ministry of Intelligence
[00:39] Announcer: and Security, claims to have wiped data from more than 200,000 systems and mobile devices
[00:44] Announcer: across 79 countries.
[00:46] Announcer: Stryker reportedly sent home 5,000 workers in Ireland this week, and a building emergency was reported at their Michigan headquarters.
[00:54] Aaron Cole: Aaron, the technical execution here is what practitioners should note.
[00:59] Aaron Cole: According to reports from Krebs on Security, the attackers may have leveraged Microsoft Intune to issue remote wipe commands to connected devices.
[01:09] Aaron Cole: If confirmed, this turns a standard management tool into a weapon for mass data destruction.
[01:16] Announcer: Exactly. The downstream effects are already appearing.
[01:19] Announcer: In Maryland, state EMS officials reported that several hospitals disconnected from Stryker's
[01:24] Announcer: LIFENET system, which paramedics use to transmit EKGs.
[01:28] Announcer: This is a real-world supply chain event affecting critical surgical supplies and diagnostic data.
[01:34] Aaron Cole: It's a stark reminder of an informational denial of service, where SOC teams are overwhelmed
[01:40] Aaron Cole: by volume while a targeted payload is delivered.
[01:43] Aaron Cole: Turning to mobile security, Apple has backported several critical fixes for legacy devices
[01:49] Aaron Cole: that cannot run iOS 17.
[01:51] Announcer: The updates for iOS 15 and 16 address vulnerabilities associated with the Coruna exploit kit.
[01:58] Announcer: As Ravie Lakshmanan reported, this kit contains 23 exploits designed to target iPhones running everything from iOS 13 to 17.2.1.
[02:08] Aaron Cole: The Coruna kit is particularly interesting because it reuses vulnerabilities seen in Operation Triangulation.
[02:15] Aaron Cole: While there is speculation about its origins involving United States contractors and Russian exploit brokers, for the practitioner, the takeaway is the persistent targeting of older WebKit flaws like CVE-2023-43010.
[02:31] Announcer: Lauren, the breadth of these patches for legacy hardware, including the iPhone 6S and 7, suggests
[02:37] Announcer: these exploits are still being actively leveraged in the wild against targets who cannot upgrade
[02:42] Announcer: their hardware.
[02:43] Aaron Cole: It underscores why maintaining a patch lifecycle for legacy devices remains a high priority
[02:49] Aaron Cole: risk.
[02:50] Aaron Cole: That concludes our briefing.
[02:52] Aaron Cole: For the full technical analysis, visit pci.neuralnewscast.com.
[02:57] Aaron Cole: I'm Lauren Mitchell.
[02:58] Announcer: And I'm Aaron Cole.
[03:00] Announcer: Prime Cyber Insights is a production of the Neural Newscast Network.
[03:03] Announcer: All content is for educational purposes and should not be taken as professional security or legal advice.
[03:10] Announcer: Neural Newscast is AI-assisted, human-reviewed.
[03:13] Announcer: View our AI transparency policy at neuralnewscast.com.
[03:17] Lauren Mitchell: This has been Prime Cyber Insights on Neural Newscast.
[03:20] Lauren Mitchell: Intelligence for defenders, leaders, and decision makers.
