
A hacker group claiming ties to Iran says it has breached the servers of U.S. medical technology company Stryker, causing disruptions across the company’s global network.
As of Wednesday morning, several of Stryker’s systems worldwide appeared to have been wiped, while some login pages displayed the logo of the hacker group.
The group, known as Handala, claimed responsibility for the attack in a message posted on the social platform X from an account believed to belong to the organization.
Hackers Cite Retaliation Motive
In its message, the group said the attack was carried out “in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure” of Iran and its allies.
The statement referenced the Minab girls’ school in Tehran, which the hackers said had been targeted during recent U.S. military strikes in Iran.
The U.S. military has reportedly conducted attacks in Iran during the ongoing conflict, though Stryker does not appear to have a direct connection to those events.
Stryker manufactures medical devices and technology used by hospitals and healthcare providers.
The company does have operations in Israel and last year secured a $450 million contract from the U.S. Department of Defense to supply medical equipment to the military.
Hackers Claim Systems Wiped And Data Stolen
The hackers said they wiped more than 200,000 systems, servers, and mobile devices belonging to the company.
They also claimed to have extracted 50 terabytes of data and said Stryker offices in 79 countries had been forced to shut down.
Reporting from The Wall Street Journal indicates that some of Stryker’s systems have indeed been wiped and others show the group’s logo on login screens.
Company Confirms Global Network Disruption
Stryker confirmed that it is experiencing a widespread disruption affecting parts of its network.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” a company spokesperson told TechCrunch.
“We have no indication of ransomware or malware and believe the incident is contained.”
The company said its teams are working to restore systems and maintain operations.
“Our teams are actively working to restore systems and operations as quickly as possible. Stryker has business continuity measures in place, and we’re committed to continuing to serve our customers,” the spokesperson said.
According to The Wall Street Journal, an internal notice sent to employees described the disruption as severe.
“Stryker is currently experiencing a severe, global disruption across the Windows environment impacting both client devices and servers,” the message reportedly said.
“The issue is widespread and significantly affecting users’ ability to access systems and services.”
The U.S. Cybersecurity and Infrastructure Security Agency did not immediately respond to requests for comment.
Handala Group Known For Ideological Cyber Campaigns
Security researchers say the Handala group emerged after the October 7 attack by Hamas on Israel.
According to IBM’s X-Force Exchange threat intelligence platform, the group has targeted Israeli civilian infrastructure, energy companies in the Gulf region, and Western organizations.
IBM described the group’s operations as focused on creating disruption and psychological impact.
The organization has used tactics including phishing attacks, wiper malware, ransomware-style extortion attempts, data theft, and hack-and-leak campaigns.
IBM also noted that the group’s public statements sometimes include exaggerated claims about the scale of breaches.
Group Has Targeted Defense And Surveillance Firms
Handala also operates a website where it publishes information about individuals it claims are connected to Israeli military or defense organizations.
The site reportedly lists dozens of Israelis allegedly linked to the Israel Defense Forces as well as employees of defense and surveillance companies such as Elbit Systems and NSO Group.
Israeli cybersecurity firm Check Point said in a recent report that Handala has intensified activity since the start of the conflict involving Iran.
The company said the group often targets vulnerable systems and times the release of stolen data to maximize pressure on organizations.
