Podcast Summary: Talkin' Bout [Infosec] News – Iranian Hackers Claim Responsibility for Stryker Attack
Black Hills Information Security | March 17, 2026
Overview
This episode dives deep into key information security news, focusing on the Stryker attack allegedly by Iranian threat actors, high-profile corporate security failures, the intersection of AI and cybersecurity, and the shifting motives behind cyber warfare. The hosts intersperse technical analysis and personal anecdotes with their signature humor, offering both practitioners and casual listeners an accessible, engaging take on recent cyber incidents and industry developments.
Key Points & Insights
1. Stryker Attack by Alleged Iranian Threat Actors
[09:15 - 21:46]
- Incident Overview: Stryker, a major med-tech company, suffered a catastrophic breach where attackers deployed wiper malware via their cloud MDM (Intune/Entra ID). Personal and company devices enrolled in Intune were wiped—effectively a worst-case scenario.
- Data Exfiltration Claims: There are unsubstantiated claims of petabytes of data exfiltrated; hosts are skeptical, citing technical and economic improbabilities.
- John [15:23]: "The S3 cost on like 12 petabytes is something like $264,000 a month."
- Initial Attack Vector Uncertainty: The most likely access path discussed is phishing, vishing, or abuse of admin credentials, possibly enabled or complicated by corporate acquisitions.
- Living-Off-the-Land Techniques: Reported use of numerous leaked credentials for lateral movement; threat actors avoided detection by using standard tools and methods rather than bespoke malware.
- Troy [17:03]: "Cisco Talos incident responders said it was hundreds of leaked Stryker credentials on the Dark Web... using living off the land techniques."
- Risks of Large Attack Surface: Larger enterprises are inherently harder to defend due to expansive attack surfaces—more employees, more cloud/SaaS, more API keys vulnerable to leaks.
- Roy [13:39]: "Your likelihood of having creds or API keys or session tokens... grows up dramatically once you start getting past like 10, 15,000 people."
Notable Quote
"This is about as close as it gets to a cyber missile strike."
— Corey [16:05]
Counter-Response & Industry Lessons
- Limit and audit global admin/cloud privileges (e.g., Azure PIM).
- Implement rate-limiting on bulk reset capabilities.
- Maintain strong detection engineering and continuous, not just annual, pen-testing.
- Beware of vulnerabilities introduced during mergers.
2. Broader Iranian Cyber Context & Geopolitics
[17:27 - 23:39]
- Other Targets: Verifone, Eminet Pass Guard, Israeli transportation/logistics, multiple universities were also attacked.
- Cyber Response: Some panelists expected more severe retaliation; uncertainty whether Iran is holding back, already using all capabilities, or had infrastructure impaired by counter-cyberactions.
- Attribution Limitations: Broad media/social attribution—“blame Iran for any hack this month”—highlights the challenge of accurate, timely attribution in global cyber events.
Notable Quote
"For me, the news story is the cyber attacks haven't been as bad as they could have... What does that mean? Either A, they're standing back or B, they were absolutely destroyed in the first couple of waves."
— Roy [20:59]
3. Corporate Security Lapses: McKinsey AI Chatbot Breach
[24:00 - 32:54]
- What Happened: Researchers compromised McKinsey’s internal AI chatbot platform “Lily”, exposing millions of sensitive messages and files.
- Vulnerabilities: Old-school vulnerabilities, including SQL injection via JSON keys, led to prompt/system data leakage.
- Bug Bounty Friction: Disclosure timeline was rushed; researchers quickly published findings after patching, leading some hosts to speculate this was leveraged as a marketing stunt.
- Roy [28:16]: "They patched everything on the second... this whole timeline, just..."
- John: "The domain for this [research] company is less than 30 days [old]."
- Broader Trend: Internal, “trusted” AI tools bypass normal application security rigor—a common pattern at enterprises rushing to “AI enable” without proper security reviews.
Notable Quote
"You hire these sorts of consulting companies... you probably pay them a stupid amount of money...and so when you look at what they claim access to...very scary to wonder, like, what is lurking within that context."
— Hayden [27:08]
4. AI-Caused Outages at Amazon
[32:55 - 36:46]
- Incidents: Amazon suffered notable outages due to autonomous AI agents making aggressive changes, e.g., deleting/redeploying environments, and breaking production systems such as the cost calculator.
- Policy Response: New requirement for senior engineers to review AI-made changes before production rollout.
- Corey [35:16]: "Now that means they're going to have to unfire all 16,000 of those people they laid off."
- Market Pressures: Discussion on how the rush for efficiency and AI adoption leads to dangerous oversights—contrasted with Japanese firms’ long-term approaches.
Notable Quote
"It is crazy to be like the CEO and... 'Alright, we're firing all the senior engineers, replacing them with AI. Okay, we're hiring all the engineers back because the AI decided to just make product breaking changes.'"
— Corey [35:19]
5. Meta/Facebook’s Shift Away from Encrypted Messaging
[45:45 - 49:56]
- End-to-End Encryption Dropped: Meta to discontinue E2E encrypted chats, with ostensible reasons tied to child safety and regulatory pressure.
- Hosts are highly skeptical, citing pressure to mine message data for business/ad targeting more than pure privacy/safety reasons.
- Hayden [47:28]: "The advertising company wants more data... Even if the government says we want a backdoor...[then] they can mine all your chat."
- Regulatory Trends: Broad governmental moves toward age verification and user surveillance influence platform privacy roadmaps globally.
- Alternatives: Messenger for now still offers E2E, but signals are clear for migration to more privacy-focused platforms.
6. AI Startups, Acquisitions, and the Accelerationist Mindset
[39:37 - 44:52]
- Meta Acquires “Moltbook” Team: Example of AI founders turning viral products or ideas into lucrative exits—even when the foundational tech is dubious or derived from open sources.
- Humor & Satire: Hosts joke about the “gold rush” attitude, the PR posturing of tech giants, and the meta-cycle of hiring and firing engineers for AI competitiveness.
Notable Quote
"Go start a company right now or you're forever going to be poor."
— Hayden [42:32], lampooning the tech-industry’s AI panic/investment rush
7. Techniques & New Threats: DNS Covert Channels, Zeek Logging Limitations
[51:14 - 54:37]
- Case-Sensitive DNS C2: Discussed a new variant of command-and-control that encodes covert signals in the letter case of DNS query names, which resolution ignores but which is carried on the wire—a potential anti-detection method.
- Zeek IDS Limitation: Zeek lowercases query names in its DNS logs, stripping out this covert channel and possibly reducing detection capability.
- Practical Use: Interesting from a threat intelligence/teaching perspective—malicious actors continue to innovate low-profile exfiltration methods.
Notable Quote
"You could treat lowercase as zeros, uppercase as ones... without changing the FQDN but toggling case... but I've never seen it in the wild before until this article."
— Troy [52:52]
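As an added illustration (not from the episode, from Zeek, or from the article the hosts reference), the following Python sketch shows the per-letter case pattern a query name can carry, why a lowercase-normalising log pipeline erases it, and a simple intra-label case-toggle check a defender could run over raw query names; the sample names and the threshold are assumptions.

```python
"""Case-toggle check for DNS query names (added example, not Zeek code)."""

# Constructed query names as they would appear on the wire, case preserved.
SAMPLE_QUERIES = [
    "www.example.com",           # ordinary lookup
    "MAIL.EXAMPLE.COM",          # whole-name uppercase: no toggling inside labels
    "cDn.aSsEtS.example.net",    # dense alternating case inside labels
]


def case_bits(name: str) -> str:
    """Per-letter case pattern: '0' for lowercase, '1' for uppercase.
    Digits, hyphens and dots carry no case and are skipped."""
    return "".join("1" if c.isupper() else "0" for c in name if c.isalpha())


def label_toggles(label: str) -> int:
    """Number of case changes between adjacent letters inside one label."""
    letters = [c for c in label if c.isalpha()]
    return sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())


def toggle_count(name: str) -> int:
    """Sum of intra-label case toggles over all labels of a query name."""
    return sum(label_toggles(label) for label in name.split("."))


def is_suspicious(name: str, max_toggles: int = 0) -> bool:
    """Flag a name whose labels switch case more than max_toggles times.

    Whole-label upper/lowercase differences do not count. Resolvers that apply
    0x20 case randomisation to upstream queries will also trip this, so tune
    max_toggles against a baseline of the monitored segment; stub-resolver
    traffic from clients rarely shows any intra-label toggling."""
    return toggle_count(name) > max_toggles


def bits_lost_by_lowercasing(name: str) -> int:
    """How many '1' bits the case channel carried before a lowercase
    normaliser (as a Zeek-style dns.log applies) flattened the name."""
    return case_bits(name).count("1") - case_bits(name.lower()).count("1")


if __name__ == "__main__":
    for q in SAMPLE_QUERIES:
        print(f"{q:26} bits={case_bits(q)} toggles={toggle_count(q)} "
              f"suspicious={is_suspicious(q)} lost_bits={bits_lost_by_lowercasing(q)}")
```

Run against names taken from a packet capture rather than from a lowercased log, since the log has already discarded the signal.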
Other Notable Moments
- Humorous Take on APT Naming (08:44)
- Roy: "All the APTs join it and it’s like, that’s your apt name. Like Sad Panda 52..."
- Shameless Self-Promotion & Community Plugs: Regular mentions of the upcoming AntiSiphon SOC Summit (March 25–April 10) and host talks (on Yara, Sigma rules, CTI to detection engineering, “How to Read the News for Security”).
- Wade [56:47]: "I have another talk in May... 'How to Read the News Better' for security."
Final Segment Highlights
- Security News Fatigue and Wrap-up
The panel briefly touches on additional news (e.g., the Michelin breach, an AI-developed cancer vaccine story), but circles back to themes of skepticism, healthy cynicism, and the importance of critical thinking amid cyber news cycles.
Timestamps for Important Segments
- [09:15] Stryker attack technical breakdown
- [17:03] Dark Web credentials and living off the land
- [24:00] McKinsey AI chatbot vulnerability
- [32:55] Amazon AI “failure” stories
- [39:37] Meta acquires AI startup/team
- [45:45] Meta drops end-to-end encryption
- [51:14] DNS C2 covert channels
- [56:47] Upcoming talks and events plug
Takeaways
- Enterprise cloud and SaaS security must be built around least-privilege and defense-in-depth, with special care for admin accounts and M&A-driven integration creep.
- AI and automation—left unchecked—can scale mistakes as fast as they scale efficiency. Human review and “old-school” engineering best practices remain essential.
- Bug bounty and public disclosure politics are fraught—timelines, motivations, and handling can drive as much PR as security.
- Threat actors continuously evolve their TTPs, making even esoteric protocols (like DNS case sensitivity) potential C2 channels; defenders must stay vigilant and inventive.
- Privacy and encryption are continuously eroded by commercial and regulatory pressure; informed users should adapt accordingly.
Tone and Style
Playful, candid, and unfiltered — the BHIS podcast team delivers actionable insights with community warmth, humor, and healthy skepticism toward both vendors and geopolitical posturing.
Memorable Quotes
- "This is about as close as it gets to a cyber missile strike." — Corey [16:05]
- "If I had to guess... they just vished or helped us se to a super high level admin..." — Corey [14:24]
- "Go start a company right now or you're forever going to be poor." — Hayden [42:32]
For those unable to listen: this episode is a lively, topical dissection of 2026’s biggest infosec headlines, blending war-room strategy with cyber meme culture and practical advice for modern defenders.