theinfosecnews
CISA KEV: CVE-2026-3502, CVE-2026-5281, CVE-2026-3055, CVE-2025-53521, CVE-2026-33634
malware

Iran-Linked Handala Hacktivist Group Executes Data-Wiping Attack on Stryker Using Microsoft Intune

The Iranian-linked hacktivist group Handala launched a global data-wiping attack on medical device maker Stryker using Microsoft Intune's remote wipe capabilities. The attack disrupted operations in 79 countries, wiping over 200,000 devices and impacting healthcare supply chains. Detection involves monitoring unusual Intune activity, and remediation includes revoking credentials and restoring from backups.

Krebs on Security·22d ago·3 min read
malware

Starkiller Phishing-as-a-Service: Real-Time Session Hijacking and MFA Bypass

Starkiller is a phishing-as-a-service platform that proxies victims’ interactions with legitimate login pages to capture credentials and bypass MFA. Delivered by the Jinkusu threat group, it uses Docker-based headless Chrome instances to relay real-time sessions and harvest authentication tokens. This service circumvents traditional detection and lowers the technical bar for cybercriminals.

Krebs on Security·41d ago·2 min read
malware

Kimwolf IoT Botnet Disrupts I2P Network in Failed Sybil Attack

The Kimwolf IoT botnet recently attempted a Sybil attack on the I2P network by flooding it with hundreds of thousands of infected devices, causing severe disruptions. Kimwolf operators use I2P and similar anonymity networks as fallback command and control channels to evade takedown efforts. Detection involves monitoring network anomalies and known IoT malware signatures; removal requires firmware patching and network segmentation.

Krebs on Security·50d ago·2 min read