InTune Compromise Allows Attackers to Remotely Wipe Medical Supply Company Devices
4 points by hoistbypetard
I toned down the title to focus on the part of the story that's interesting here.
Where did you get the AD information from? So far InTune seems to be the only bit that has been publicly acknowledged, which makes it seem as if the threat actor may have just gotten access to that controller and used it to issue a remote wipe command.
I saw it on the Reddit thread, but you're right, it wasn't well sourced. And now the most interesting comments there are deleted.
I've edited the title to just say InTune. AD made sense to me as a vector to get to InTune, so I think I just took the comment as correct without much consideration once InTune was acknowledged.