A hacktivist group known as Handala, linked to Iran’s intelligence agencies, has claimed responsibility for a data-wiping attack on Stryker, a major global medical technology firm. According to reports, over 5,000 workers at Stryker’s Irish headquarters have been sent home after the company shut down its network. Stryker, based in Kalamazoo, Michigan, employs more than 56,000 people across 61 countries and generated $25 billion in global sales last year.
In a statement posted to Telegram, Handala announced that they had wiped data from over 200,000 systems, servers, and mobile devices in 79 different countries. The group claimed the attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. A U.S. military investigation has determined that this attack may have been carried out by American forces.
Palo Alto Networks linked Handala to Iran’s Ministry of Intelligence and Security (MOIS), noting that the group had previously targeted Israel and occasionally other countries for specific agendas. The security firm reported that Handala used Microsoft Intune, a cloud-based service, to issue remote wipe commands against Stryker devices.
The attack has severely impacted Stryker’s operations. A voicemail at Stryker’s main U.S. headquarters states they are currently experiencing a building emergency. An Irish Examiner report claims that Stryker employees are communicating via WhatsApp for updates on when they can return to work, with systems and Outlook devices wiped.
Healthcare providers are also feeling the impact of this attack. A major university medical system in the U.S. is unable to order surgical supplies normally sourced through Stryker due to network disruptions.