A hacktivist group with ties to Iran's intelligence agencies has taken responsibility for a significant data-wiping attack on Stryker, a leading global medical technology firm based in Michigan. The attack reportedly forced the closure of Stryker's offices in 79 countries and affected over 200,000 systems, servers, and mobile devices.
Stryker, known for its $25 billion annual sales and 56,000 global employees, experienced a major disruption. The company’s main U.S. headquarters reported a building emergency on the day of the attack, while Irish reports indicated that more than 5,000 workers were sent home. Additionally, Stryker devices held by employees have been wiped clean, leaving them without access to critical systems and communications.
The hacktivist group, known as Handala or Handala Hack Team, released a manifesto stating that the stolen data will be used for 'true advancement of humanity.' This attack is reportedly in response to a recent U.S. missile strike on an Iranian school, which killed at least 175 people, most of them children.
Further investigation by The New York Times suggests that the United States may have been responsible for this deadly Tomahawk missile strike. Palo Alto Networks has linked Handala to Iran's Ministry of Intelligence and Security (MOIS), describing it as one of several online personas maintained by Void Manticore, an MOIS-affiliated actor.
The wiper attack is believed to be executed through Microsoft Intune, a cloud-based solution used for IT security. Reports indicate that Stryker employees were told to urgently uninstall Intune, causing further disruptions in operations. The impact of this attack extends beyond Stryker’s immediate network; healthcare providers are already experiencing difficulties due to the disruption in supply chains.
Healthcare professionals and industry experts have highlighted the severity of this breach, emphasizing its potential to disrupt surgical supplies and medical equipment critical for patient care.