A group of hackers linked to Iran claims to have breached the servers of U.S. medical tech company Stryker, causing global disruptions. As of Wednesday morning, many of Stryker’s worldwide systems have been wiped, with some login pages displaying the hacker group’s logo instead.
The hacktivist group, Handala, took responsibility for the attack in a message posted on their X account. They stated the attack was in retaliation for the Minab school bombing by the U.S. military in Tehran, which killed over 175 people, mostly children, and due to ongoing cyber assaults on Iranian infrastructure. Although Stryker is not directly linked to the recent attacks on Iran, it has operations in Israel and secured a $450 million Department of Defense contract last year.
The hackers claim to have wiped over 200,000 systems, servers, and mobile devices and extracted 50 terabytes of critical data, forcing the closure of Stryker’s offices in 79 countries. According to The Wall Street Journal, some Stryker systems globally have been wiped, and others show the hackers’ logo on login pages.
A Stryker spokesperson told the Journal that teams are actively working to restore systems and operations and that business continuity measures are in place to serve customers. A notice to employees described a severe, global disruption affecting access to systems and services.
TechCrunch and the U.S. Cybersecurity and Infrastructure Security Agency did not immediately receive comments from the company. According to IBM X-Force Exchange, Handala emerged after Hamas’ October 7 attack on Israel and targets Israeli infrastructure, energy companies in the Gulf, and Western organizations. Handala uses various methods, including phishing, wiper malware, ransomware extortion, data theft, and hack-and-leak activities, focusing on healthcare and energy sectors.
Handala also maintains a website doxing Israelis who allegedly work for the Israeli Defense Forces and major defense and surveillance contractors. Israeli cybersecurity firm Check Point reported that since the war in Iran, Handala targets low-hanging systems, conducts hack-and-leak activities, and times stolen material releases for maximal impact.