Stryker Reports Restoration of Systems Following Cyber Attack by Pro-Iran Hackers


The medical technology company Stryker has announced efforts to restore its computers and internal network following a cyberattack that reportedly allowed pro-Iranian hackers to remotely erase tens of thousands of employee devices.

This hack has caused ongoing disruption to the company’s operations and is believed to be the first significant cyberattack in the U.S. in response to the Trump administration’s conflict with Iran.

In a recent update, Stryker stated that the March 11 cyberattack was contained to its internal Microsoft environment, assuring that its internet-connected medical products remain “safe to use.”

While the breach is under investigation, the company noted there is no evidence of ransomware or malware. However, its ability to process orders, manufacture, or ship devices is still disrupted.

The hacking group Handala claimed responsibility for the breach, citing it as retaliation for a U.S. airstrike on an Iranian school that resulted in 175 casualties, mainly children. They also defaced the company’s login pages with their logo.

As reported by Bleeping Computer, the attackers may have exploited an internal Stryker administrator account providing extensive access to the company's Windows network. This access allegedly allowed entry to the company’s Microsoft Intune dashboards, which are used to manage employee devices remotely, including deleting their data in the event of loss or theft.

Compromising the company’s Intune dashboards would enable the remote wiping of phones and laptops, both work-related and personal, without employing malware.

The Wall Street Journal confirmed that the attack targeted Intune.

A Stryker spokesperson did not respond to inquiries about the breach, including whether the allegedly compromised account was using multi-factor authentication.

Details on how access was gained to Stryker’s network remain unclear. Security experts from Palo Alto Networks suggest that phishing could have been used to compromise the network. IBM identifies the Iran-aligned group as known for phishing and destructive attacks, targeting sectors like healthcare and energy. Infostealer malware, which captures passwords and credentials, might also be involved.
