Weaponizing management vs. malware: Stryker’s Intune wipe shows stolen admin credentials are deadlier than new exploits
On March 11, 2026, an Iran-linked group calling itself Handala used compromised Microsoft Entra ID and Intune administrative access to remotely wipe more than 200,000 devices in 79 countries. The incident demonstrates a specific danger: legitimate MDM capabilities can be weaponized through stolen admin credentials, producing destruction without any endpoint malware. How a single admin […]
