Pro-Iranian Hackers Disrupt Stryker Operations by Wiping Data from Thousands of Devices

In a significant cyberattack, medical technology leader Stryker is working to restore its internal systems after pro-Iranian hackers remotely erased data from tens of thousands of employee devices. This breach has caused widespread operational disruptions and is considered the first major cyber incident in the U.S. linked to the recent conflict with Iran.

On March 11, Stryker’s internal Microsoft environment was compromised, leading to the deletion of data across numerous employee devices. The company has said that its internet-connected medical products remain safe for use. However, the attack has significantly impacted Stryker’s ability to process orders and to manufacture and ship devices, affecting its global operations.

The pro-Iranian hacking group Handala has claimed responsibility for the attack. They stated that the breach was retaliation for a U.S. airstrike on an Iranian school, which resulted in the deaths of at least 175 people, mostly children. Handala also defaced Stryker’s login pages with their logo, further asserting their involvement.

Reports suggest that the hackers may have gained access through an internal Stryker administrator account, providing them with extensive control over the company’s Windows network. This access potentially allowed them to utilize Microsoft’s Intune platform to remotely wipe data from employee laptops and mobile devices, including personal devices, without deploying traditional malware.

The exact method by which the hackers infiltrated Stryker’s network remains under investigation. Security experts from Palo Alto Networks indicate that Handala often employs phishing tactics to compromise networks. IBM’s analysis describes Handala as a group that uses phishing, custom wiper malware, and other techniques to target sectors like healthcare and energy, aiming to create disruptive and psychological impacts.

Stryker, with a workforce of 56,000 across more than 60 countries, is actively working to restore its systems and resume normal operations. The company has not provided a timeline for full recovery but is committed to addressing the breach and reinforcing its cybersecurity measures to prevent future incidents.