Skip to content
HivePro-WhiteLogo

The Iranian Cyber Threat Isn't Imaginary. 200,000 Devices Wiped Last Month.

On March 11, 2026, Handala wiped 200,000 devices at Stryker Corporation using nothing but a compromised Microsoft Intune admin account. That was one campaign. Iranian threat actors are simultaneously targeting edge infrastructure, VPNs, identity systems, and critical industry sectors across the U.S. This briefing covers the full threat picture, what's active, what's being targeted, and what your team needs to do before you're in the news.

CISA issued an active advisory following the Stryker attack. The FBI is investigating additional targets. Iranian cyber activity across U.S. sectors is at its highest level this year.

Inside the Briefing

LP Graphic
This briefing helps security teams quickly understand the current Iranian cyber threat and what it means for their environment.
Inside, you'll get:

  • How Handala wiped 200,000 Stryker devices without deploying a single line of malware — and what it means for any organization running endpoint management tools

  • The full roster of active Iranian threat actor groups, their targets, and live campaign activity

  • Edge infrastructure, VPNs, and identity systems currently being exploited across U.S. sectors

  • How to identify whether your environment matches the exposure profile attackers are actively hunting

  • Immediate actions to detect, validate, and reduce risk, prioritized by what's being exploited right now

  • Live HivePro technical session: which Iranian attacks are surfacing and how to detect and prioritize them in your environment

See What this Threat Means for Your Environment

Downloaded by 1000+ security teams, including organizations running Microsoft Intune, Tenable, Qualys, and Rapid7.