
The Iranian Cyber Threat Isn’t Slowing Down. 200,000+ Devices Wiped in 3 Hours.

On March 11, 2026, Handala used a compromised Microsoft Intune admin account to wipe 200,000+ devices at Stryker without deploying malware. That was one campaign. Iranian threat actors are also targeting cloud infrastructure, identity systems, VPNs, IP cameras, and critical sectors across the U.S. and beyond. This briefing covers the full threat picture: what is active right now, what is being targeted, and what your team needs to do before it becomes your problem.

CISA issued an active advisory after the Stryker attack, and the report shows Iranian cyber operations have intensified across multiple fronts, including destructive attacks, cloud strikes, and pre-positioned access inside critical infrastructure.

Inside the Briefing

This briefing helps security teams quickly understand the current Iranian cyber threat and what it means for their environment.
Inside, you'll get:
  • How Handala wiped 200,000+ Stryker devices without deploying malware, and what that means for any organization using endpoint management tools.

  • The full roster of active Iranian threat actor groups, their targets, and live campaign activity.

  • The infrastructure now being exploited across sectors, including MDM, cloud, VPN, and identity systems.

  • How to identify whether your environment matches the exposure profile attackers are actively hunting.

  • Immediate actions to detect, validate, and reduce risk, prioritized by what is being exploited right now.

  • Live HivePro technical session: which Iranian attacks are surfacing and how to detect and prioritize them in your environment.

See What This Threat Means for Your Environment

Downloaded by 1000+ security teams, including organizations running Microsoft Intune, Tenable, Qualys, and Rapid7.