
<html>


<head>


<meta http-equiv="Content-Type" content="text/html; charset=utf-8">


<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>


</head>


<body dir="ltr">


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


Cyber Disruptors,</div>


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


<br>


</div>


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


Here is another shared notification regarding the Stryker incident. See below.</div>


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


<br>


</div>


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


<br>


</div>


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


Thanks,</div>


<div class="elementToProof" id="Signature">


<div style="font-family: Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);" class="elementToProof">


<br>


</div>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif;"><b>Kevin Galusha, CISSP</b></span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif;">Cybersecurity Architect</span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif;">Clackamas County Technology Services</span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif;">(503)723-4960</span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif; color: rgb(5, 99, 193);"><u><a style="color: rgb(5, 99, 193); margin-top: 0px; margin-bottom: 0px;" href="mailto:KGalusha@clackamas.us">KGalusha@clackamas.us</a></u></span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


<span style="font-family: Arial, Helvetica, sans-serif; color: rgb(5, 99, 193);"><u><a style="color: rgb(5, 99, 193); margin-top: 0px; margin-bottom: 0px;" href="http://www.clackamas.us/">www.clackamas.us</a></u></span></p>


<p style="margin: 0in; font-family: Aptos, serif; font-size: 12pt;" class="elementToProof">


 </p>


</div>


<div id="appendonsend"></div>


<hr style="display:inline-block;width:98%" tabindex="-1">


<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Kainoa, Leslie <leslie.kainoa@cisa.dhs.gov><br>


<b>Sent:</b> Friday, March 20, 2026 10:15 AM<br>


<b>To:</b> Galusha, Kevin <KGalusha@clackamas.us><br>


<b>Subject:</b> FW: Endpoint Management System Hardening After Cyberattack Against US Organization TLP: CLEAR</font>


<div> </div>


</div>


<style>


<!--


@font-face


        {font-family:Wingdings}


@font-face


        {font-family:"Cambria Math"}


@font-face


        {font-family:Calibri}


@font-face


        {font-family:Aptos}


p.x_MsoNormal, li.x_MsoNormal, div.x_MsoNormal


        {margin:0in;


        font-size:12.0pt;


        font-family:"Aptos",sans-serif}


a:link, span.x_MsoHyperlink


        {color:blue;


        text-decoration:underline}


span.x_EmailStyle19


        {font-family:"Aptos",sans-serif;


        color:windowtext}


.x_MsoChpDefault


        {font-size:10.0pt}


@page WordSection1


        {margin:1.0in 1.0in 1.0in 1.0in}


div.x_WordSection1


        {}


ol


        {margin-bottom:0in}


ul


        {margin-bottom:0in}


-->


</style>


<div lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">


<div class="x_mc-ip-hide" style="display:block!important; height:auto!important; background:#FFFFFF!important; opacity:1!important; visibility:visible!important; color:#000000!important; font-size:12px!important; font-family:Helvetica,Arial,sans-serif!important; text-align:left!important">


<strong style="display:block!important; height:auto!important; background:#FFFFFF!important; opacity:1!important; visibility:visible!important; color:#000000!important; font-size:12px!important; font-family:Helvetica,Arial,sans-serif!important; text-align:left!important">


<div style="background-color:; border:0px double #F15D22; padding:.2em">


<div style="font-size:14pt; color:black; font-style:bold">Warning: External email. Be cautious opening attachments and links.</div>


</div>


<hr>


<br>


</strong><br>


<hr>


</div>


<div class="x_WordSection1">


<p class="x_MsoNormal">Hi Kevin,</p>


<p class="x_MsoNormal">One more for today.  Thank you.</p>


<p class="x_MsoNormal"> </p>


<p class="x_MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif; color:#242424">Respectfully,</span><span style=""></span></p>


<p class="x_MsoNormal" style="background:white"><span style="font-family:"Calibri",sans-serif; color:#242424">Leslie Ann Kainoa, CISSP, GICSP, CDPSE</span><span style=""></span></p>


<p class="x_MsoNormal" style="background:white"><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#242424">Cybersecurity State Coordinator</span><span style=""></span></p>


<p class="x_MsoNormal" style="background:white"><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#242424">Cybersecurity and Infrastructure Security Agency</span><span style=""></span></p>


<p class="x_MsoNormal" style="background:white"><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#242424">Region 10 (OR)</span><span style=""></span></p>


<p class="x_MsoNormal" style="background:white"><span style="font-size:11.0pt; font-family:"Calibri",sans-serif; color:#242424">(503) 462-5626</span><span style=""></span></p>


<p class="x_MsoNormal"> </p>


<p class="x_MsoNormal"> </p>


<p class="x_MsoNormal"> </p>


<div>


<div style="border:none; border-top:solid #E1E1E1 1.0pt; padding:3.0pt 0in 0in 0in">


<p class="x_MsoNormal"><b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif">From:</span></b><span style="font-size:11.0pt; font-family:"Calibri",sans-serif"> Mark Breunig <mark.breunig@alaskacybergroup.org>


<br>


<b>Sent:</b> Thursday, March 19, 2026 9:58 AM<br>


<b>Subject:</b> Endpoint Management System Hardening After Cyberattack Against US Organization TLP: CLEAR</span></p>


</div>


</div>


<p class="x_MsoNormal"> </p>


<div style="border:solid #9C6500 1.0pt; padding:0in 0in 0in 0in; display:flex">


<p class="x_MsoNormal" style="line-height:12.0pt; background:#FFEB9C"><b><span style="font-size:10.0pt; font-family:"Calibri",sans-serif; color:#9C6500">CAUTION:


</span></b><span style="font-size:10.0pt; font-family:"Calibri",sans-serif; color:black">This email originated from outside of CISA/DHS. DO NOT click links or open attachments unless you recognize and/or trust the sender. Contact your component SOC with questions


 or concerns. </span></p>


</div>


<p class="x_MsoNormal"> </p>


<div>


<div>


<p class="x_MsoNormal"><span style="color:black">Hi Everyone,</span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="color:black">I am passing on the following from CISA for your awareness:</span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; background:white; min-width:100%">


<tbody>


<tr>


<td style="padding:3.75pt 0in 3.75pt 0in">


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 0in 0in">


<p class="x_MsoNormal" style="text-align:justify; line-height:18.0pt"><span style="font-size:13.0pt; color:black">The information in this Cybersecurity and Infrastructure Security Agency (CISA)


</span><u><span style="font-size:13.0pt; color:#0552D9"><a href="https://urldefense.us/v3/__https:/urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6ImU4N2E1YTkzLTFmNWEtNDIzMS04ZDA4LTI5YzRhMzg3YjUxZSIsImRla1ZlcnNpb24iOjEsIml2IjoiazlHb2paT3NPcFBta1RNZWJPakJqZz09IiwiY2lwaGVyVGV4dCI6ImZseWxuNGh6Um9WR1BseFJrMnFkdzNsUGVPTmxBcXZtRjVveTNMeUJmZzMxdWF2L3d3T05BTzUzMGxNME9aZEx0cmtHVmZ4TFN6elNCODgyd2VYeGNNVm9rUm5mWWVDVDBhaU5rNnc2aythUk14NXM2TUdPIiwiYXV0aFRhZyI6IlBOSUh6emJCNWZGd3hXaVJHZDloNEE9PSJ9&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=CHF8RS5RD8ABJLdLVVal90iKCKVWbHlOkJbUV4ODBxrVwDW8JfLNzpoyCTM4eHAt&m=C2jD1VJrb6JDUrPumSBvw9-pROIN06bRHV6nAILDmX0HsAzD7pa72g4Jvksuk65I&s=jJzCpGpXlOZODskc76aj8xsZIqxVuAhCXg92ZQfcIOI&e=__;!!BClRuOV5cvtbuNI!CB_3sUlA34nxBYjj2WMeUYRTwtWQNZ2RaYk1ukVjz_BNM4f863JE6YP3A95JAyOsU7e4lKOTr2Bnsm-JhLpzJCoFqlVLh2dfipWIUDg$" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6ImU4N2E1YTkzLTFmNWEtNDIzMS04ZDA4LTI5YzRhMzg3YjUxZSIsImRla1ZlcnNpb24iOjEsIml2IjoiazlHb2paT3NPcFBta1RNZWJPakJqZz09IiwiY2lwaGVyVGV4dCI6ImZseWxuNGh6Um9W"><span style="color:#0552D9">Alert


</span></a></span></u><span style="font-size:13.0pt; color:black">is being provided as is for informational purposes only. CISA does not endorse any commercial entity, product, company, or service, including any entities, products, or services linked within


 this document. Any reference to specific commercial entities, products, processes, or services by service mark, trademark, manufacturer, or otherwise, does not constitute or imply endorsement, recommendation, or favoring by CISA.</span><span style="font-size:13.0pt"></span></p>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<p class="x_MsoNormal"> </p>


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; background:white; min-width:100%">


<tbody>


<tr>


<td style="padding:3.75pt 0in 3.75pt 0in">


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 0in 0in">


<p class="x_MsoNormal" style="text-align:justify; line-height:18.0pt"><span style="font-size:13.0pt; color:black">CISA is aware of malicious cyber activity targeting endpoint management systems of US organizations based on the March 11 cyberattack against US-based


 medical technology firm Stryker Corporation, which affected their Microsoft environment. To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources


 provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions.</span></p>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<p class="x_MsoNormal"> </p>


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; background:white; min-width:100%">


<tbody>


<tr>


<td style="padding:3.75pt 0in 0in 0in">


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 0in 0in">


<p class="x_MsoNormal" style="text-align:justify; line-height:18.0pt"><span style="font-size:13.0pt; color:black">To defend against similar malicious activity that misuses legitimate endpoint management software, CISA urges organizations to implement Microsoft’s


 newly released </span><u><span style="font-size:13.0pt; color:#0552D9"><a href="https://urldefense.us/v3/__https:/urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6IjI2ZWRkYjhiLWVmYTgtNGI1Ni04Yzc1LWE0YTFjNjg0MjA3YiIsImRla1ZlcnNpb24iOjEsIml2IjoiMjl2VWdJc0FMZmVDYmJqcXFoS3pYUT09IiwiY2lwaGVyVGV4dCI6IitKSWlHYzIyUk16V0dFQkNYSlIwbkFPS3Q0VS9RUXlCbGNITVJiMUpyR0dBKzVVdG5iWEJEbVQrNk5MOG50dmx0bithOXljMG54V1hnKzdYSXNlaEZ6WENyY29lc3B6YjI5U0Fpd0F0OTRKdHVPcXFFck5kIiwiYXV0aFRhZyI6IkZaZUQ3dGNpeDZFWE5jS3R5aDZ5bkE9PSJ9&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=CHF8RS5RD8ABJLdLVVal90iKCKVWbHlOkJbUV4ODBxrVwDW8JfLNzpoyCTM4eHAt&m=C2jD1VJrb6JDUrPumSBvw9-pROIN06bRHV6nAILDmX0HsAzD7pa72g4Jvksuk65I&s=CRrDzVX1tR0-WtpVeZioIRFtKD7R7qtFgs9ECqhH8B0&e=__;!!BClRuOV5cvtbuNI!CB_3sUlA34nxBYjj2WMeUYRTwtWQNZ2RaYk1ukVjz_BNM4f863JE6YP3A95JAyOsU7e4lKOTr2Bnsm-JhLpzJCoFqlVLh2dfW8E_osA$" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6IjI2ZWRkYjhiLWVmYTgtNGI1Ni04Yzc1LWE0YTFjNjg0MjA3YiIsImRla1ZlcnNpb24iOjEsIml2IjoiMjl2VWdJc0FMZmVDYmJqcXFoS3pYUT09IiwiY2lwaGVyVGV4dCI6IitKSWlHYzIyUk16"><span style="color:#0552D9">best


 practices for securing Microsoft Intune</span></a></span></u><span style="font-size:13.0pt; color:black">; the principles of these recommendations can be applied to Intune and more broadly to other endpoint management software:</span><span style="font-size:13.0pt"></span></p>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<p class="x_MsoNormal"><span style="display:none"> </span></p>


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 0in 0in">


<ul type="disc">


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<b><span style="font-size:13.0pt">Use principles of least privilege</span></b><span style="font-size:13.0pt"> when designing administrative roles.</span><span style="font-size:13.0pt; font-family:"Arial",sans-serif"></span></li><ul type="circle">


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<span style="font-size:13.0pt; font-family:"Arial",sans-serif"></span><span style="font-size:13.0pt">Leverage Microsoft Intune’s role-based access control (RBAC) to assign the minimum permissions necessary to each role for completing day-to-day operations—permissions


 include what actions the role can take, and what users and devices it can apply that action to.</span></li></ul>


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<b><span style="font-size:13.0pt">Enforce phishing-resistant multi-factor authentication (MFA) and privileged access hygiene</span></b><span style="font-size:13.0pt">. </span></li><ul type="circle">


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<span style="font-size:13.0pt">Use Microsoft Entra ID capabilities (including Conditional Access, MFA, risk signals, and privileged access controls) to block unauthorized access to privileged actions in Microsoft Intune.</span></li></ul>


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<b><span style="font-size:13.0pt">Configure access policies to require </span></b><b><u><span style="font-size:13.0pt; color:#0552D9"><a href="https://urldefense.us/v3/__https:/urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6ImQyZmU0ZDJmLWIwMGItNGMyNS05NzhkLWJlYjcyMDc4MGU1ZSIsImRla1ZlcnNpb24iOjEsIml2IjoiV3NjYTR0QzJUdktONzhzeDZvU3VJdz09IiwiY2lwaGVyVGV4dCI6IjRGZVEyU2RrZ25aY01vM2RwS000ejFNU0p5dENyVkEvblN4TjhhcG56dWplcndFSWRndkNtV1JFZk9HN3IwTWh3Z2J4TzNnSUsydTJFOXhEQnBleUNFMnpoZWdSbFFOYXh4cmkwTFpPOG8zdnl6SHFoSzRqIiwiYXV0aFRhZyI6ImE3WVQzRU1HbDdJSVRiT0Y2QkdWQXc9PSJ9&d=DwMDaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=CHF8RS5RD8ABJLdLVVal90iKCKVWbHlOkJbUV4ODBxrVwDW8JfLNzpoyCTM4eHAt&m=C2jD1VJrb6JDUrPumSBvw9-pROIN06bRHV6nAILDmX0HsAzD7pa72g4Jvksuk65I&s=fUStEMp3_zNA4mZr0myZJgBAdwJc-iFC-oMDTe-Xy7s&e=__;!!BClRuOV5cvtbuNI!CB_3sUlA34nxBYjj2WMeUYRTwtWQNZ2RaYk1ukVjz_BNM4f863JE6YP3A95JAyOsU7e4lKOTr2Bnsm-JhLpzJCoFqlVLh2dfPMoV5gA$" title="https://urldefense.proofpoint.com/v2/url?u=https-3A__click.communications.cyber.nj.gov_-3Fqs-3DeyJkZWtJZCI6ImQyZmU0ZDJmLWIwMGItNGMyNS05NzhkLWJlYjcyMDc4MGU1ZSIsImRla1ZlcnNpb24iOjEsIml2IjoiV3NjYTR0QzJUdktONzhzeDZvU3VJdz09IiwiY2lwaGVyVGV4dCI6IjRGZVEyU2RrZ25a"><span style="color:#0552D9">Multi


 Admin Approval in Microsoft Intune</span></a></span></u></b><span style="font-size:13.0pt">.</span></li><ul type="circle">


<li class="x_MsoNormal" style="color:black; line-height:18.0pt; align-self:start">


<span style="font-size:13.0pt">Set up policies that require a second administrative account’s approval to allow changes to sensitive or high-impact actions (such as device wiping), applications, scripts, RBAC, configurations, etc.  </span></li></ul>


</ul>


</td>


</tr>


</tbody>


</table>


<p class="x_MsoNormal"> </p>


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; background:white; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 3.75pt 0in">


<table class="x_MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%; min-width:100%">


<tbody>


<tr>


<td style="padding:0in 0in 0in 0in">


<p class="x_MsoNormal" style="text-align:justify; line-height:18.0pt"><span style="font-size:13.0pt; color:black">Additionally, CISA recommends reviewing the resources contained in the alert to strengthen defenses against similar malicious cyber activity.</span></p>


</td>


</tr>


</tbody>


</table>


</td>


</tr>


</tbody>


</table>


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


<p class="x_MsoNormal" style="background:white"><b><span style="color:black">Reporting</span></b><span style="color:black"></span></p>


<p class="x_MsoNormal" style="background:white"><span style="color:black">Thank you so much to those of you that have been submitting reports. Sharing information protects everyone and increases awareness.</span></p>


<p class="x_MsoNormal" style="background:white"><span style="color:black"> </span></p>


<p class="x_MsoNormal" style="background:white"><span style="color:black">If anyone observes additional/new traffic, please notify me so that the information can be shared for the benefit of everyone. As mentioned, I will only share what you indicate as shareable.</span></p>


<p class="x_MsoNormal" style="background:white"><span style="color:black"> </span></p>


<p class="x_MsoNormal" style="background:white"><span style="color:black">Respectfully,</span></p>


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


<div id="x_Signature">


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="font-size:10.0pt; color:black">Mark Breunig</span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="font-size:10.0pt; color:black">Alaska Cyber Group</span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="font-size:10.0pt; color:black">Mobile: 907-795-8150</span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="font-size:10.0pt; color:black">Email: <a href="mailto:mark.breunig@alaskacybergroup.org" title="mailto:mark.breunig@alaskacybergroup.org">


mark.breunig@alaskacybergroup.org</a></span></p>


</div>


<div>


<p class="x_MsoNormal"><span style="color:black"> </span></p>


</div>


</div>


</div>


</div>


</div>


</body>


</html>