Pro-Iran Hacktivist Group Handala Claims Responsibility for Devastating Cyberattack on Stryker Corporation
In a significant escalation of cyber warfare, the pro-Iran hacktivist group known as Handala has claimed responsibility for a massive cyberattack on Stryker Corporation, a leading U.S.-based medical technology company. This attack has resulted in widespread disruptions across Stryker’s global operations, affecting systems in 79 countries.
As of Wednesday morning, numerous Stryker systems worldwide have been compromised. Many have been wiped clean, while others display the emblem of the Handala group on login pages, signaling the extent of the breach.
Handala announced their involvement through a message on their X account, stating that the attack was in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of Iran and its allies. This refers to the recent bombing of the Minab girls’ school in Tehran by the U.S. military, which reportedly resulted in the deaths of over 175 individuals, predominantly children.
Stryker, renowned for its production of medical devices and hospital technologies, does not have a direct connection to the recent military actions in Iran. However, the company maintains operations in Israel and, in the previous year, secured a $450 million contract from the U.S. Department of Defense to supply medical equipment to the military.
The hackers claim to have wiped over 200,000 systems, servers, and mobile devices, extracting 50 terabytes of critical data. They assert that Stryker’s offices in 79 countries have been compelled to shut down due to the attack.
These assertions appear to hold some validity. Reports indicate that several Stryker systems globally have been erased, with others displaying the hackers’ logo on login interfaces.
A Stryker spokesperson addressed the situation, stating, “Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack. We have no indication of ransomware or malware and believe the incident is contained.” The company is actively working to restore systems and operations promptly, emphasizing their commitment to serving customers despite the disruption.
An internal notice to employees highlighted the severity of the situation: “Stryker is currently experiencing a severe, global disruption across the Windows environment impacting both client devices and servers. The issue is widespread and significantly affecting users’ ability to access systems and services.”
Handala, the group behind this attack, emerged following Hamas’ October 7 attack on Israel. They have since targeted Israeli civilian infrastructure, energy companies in the Gulf region, and Western organizations. Their operations are characterized by disruptive and psychological impacts, employing tactics such as phishing, custom wiper malware, ransomware-style extortion, data theft, and hack-and-leak activities. Their campaigns consistently feature ideological messaging, exaggerated breach claims, and deliberate targeting of critical sectors like healthcare and energy.
The group’s website lists and exposes personal information of numerous Israelis allegedly associated with the Israeli Defense Forces and major defense and surveillance contractors, including Elbit Systems and NSO Group.
Recent reports suggest that since the onset of the war in Iran, Handala has been breaching low-hanging-fruit systems, conducting hack-and-leak activities, and timing the release of stolen material to maximize pressure on its targets.
This incident underscores the escalating cyber threats faced by global corporations, especially those operating in sensitive sectors. It highlights the need for robust cybersecurity measures and international cooperation to combat such sophisticated cyberattacks.