Meta News

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Summary: A hacktivist group with ties to Iran’s intelligence agencies has claimed responsibility for a data-wiping attack on Stryker, a global medical technology company. The attack affected 79 countries and over 200,000 systems.

Advertisement Advertisement Skip to content
Home
About the Author
Advertising/Speaking
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
March 11, 2026
45 Comments
A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker's largest hub outside the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.

In a lengthy statement posted to Telegram, a hacktivist group known as Handala (a.k.a. Handala Hack Team) claimed that Stryker's offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.

The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.

Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.

Stryker's website states that the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.” A report Wednesday morning from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work.

The attack has wide-ranging implications, affecting not only Stryker but also healthcare providers and its supply chain. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker. “This is a real-world supply chain attack,” the expert said, who asked to remain anonymous because they were not authorized to speak to the press.

Key facts

  • 79 countries affected
  • 200,000 systems wiped
  • Wiper attack in retaliation for a missile strike
  • Impact on healthcare providers and supply chain

Why it matters

The cyber-attack on Stryker highlights the growing threat of Iran-backed hacktivist groups and their ability to disrupt global business operations. This incident underscores the vulnerability of supply chains in critical industries such as healthcare, potentially impacting patient care and medical supplies worldwide.

Key metrics

  • Affected Countries: E7851E (Number of countries where Stryker's offices have been impacted by the data-wiping attack.)
Tags:
cybersecurity hacking Iran medtech

Structured details

  • Industry: cybersecurity
  • Source type: media
  • Claim status: confirmed
  • Verification: claimed_by_source
  • Entities: Stryker, Handala Hack Team, Iran's Ministry of Intelligence and Security (MOIS), Palo Alto Networks, Void Manticore

Source: https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

Published on