Security Research

Astra News & Insights

Threat intelligence, cloud security research & product updates

Latest dispatches

200,000 Devices Wiped: Handala Iranian Group Breaches Stryker

On March 11, 2026, the medical technology giant Stryker fell victim to a massive, geopolitically motivated cyberattack that paralyzed its global operations. Claimed by the Iran-linked group Handala, the incident stands as a landmark case of a corporation’s own administrative tools being turned into a weapon.


Device Code Phishing: Where User Training & MFA Both Fail

The device code phishing process occurs on legitimate Microsoft infrastructure. As a result, traditional security training that teaches users to check URLs for red flags often fails. Once the user enters the code and completes their MFA challenge, the attacker intercepts the resulting access and refresh tokens, giving them long-term access to the user's email, Teams and other Azure services.

The device code flow was originally designed for "input-constrained devices", such as smart TVs, gaming consoles, or IoT printers, that lack a traditional keyboard or web browser. While it is a niche authentication method, threat actors have increasingly hijacked it to conduct high-powered


Tycoon2FA - MFA Is No Longer A Silver Bullet

Microsoft Threat Intelligence has uncovered the inner workings of Tycoon2FA, a sophisticated Phishing-as-a-Service (PhaaS) platform that has targeted over 500,000 organizations monthly. Developed by the threat actor Storm-1747, this kit provides Adversary-in-the-Middle (AiTM) capabilities, allowing even low-skill attackers to bypass multifactor authentication (MFA) at scale.
