Iran-Linked Hacktivists Claim Massive Data-Wiping Attack on Medical Giant Stryker
A hacktivist group with ties to Iran's intelligence apparatus claims it has destroyed data on more than 200,000 systems at Stryker, a global medical technology firm. The attack forced Stryker to send home over 5,000 workers at its Irish hub, while its U.S. headquarters activated a building emergency protocol.
Stryker [NYSE:SYK], based in Kalamazoo, Michigan, reported $25 billion in global sales last year and employs 56,000 people across 61 countries. The group, calling itself Handala, posted a lengthy manifesto on Telegram asserting that it erased data from servers, computers, and mobile devices at Stryker offices in 79 countries.
“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” the group’s statement read.
Handala said the wiper attack was retaliation for a Feb. 28 missile strike that hit an Iranian school, killing at least 175 people, most of them children. The New York Times reports that an ongoing U.S. military investigation has determined the United States was responsible for that Tomahawk strike.
Background
Handala is one of several hacker personas used by Void Manticore, a group affiliated with Iran’s Ministry of Intelligence and Security (MOIS), according to Palo Alto Networks researchers. The group first surfaced in late 2023 and has been linked to other destructive cyber operations.
A report Wednesday from the Irish Examiner said Stryker staff in Cork are now relying on WhatsApp for updates on when they can return to work. An unnamed employee told the newspaper that “anything connected to the network is down” and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”
“Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner added. “The login pages coming up on these devices have been defaced with the Handala logo.”
A call Wednesday morning to Stryker’s Michigan headquarters reached a voicemail message stating: “We are currently experiencing a building emergency. Please try your call again later.”
What This Means
Wiper attacks use malicious software to overwrite data on infected devices, making recovery difficult without backups. This incident could disrupt Stryker’s operations globally, potentially affecting the supply of medical and surgical equipment to hospitals and clinics.
The targeting of a medical technology firm raises concerns about patient care if Stryker’s systems remain down for an extended period. Cybersecurity experts warn that Iran-linked groups are increasingly using destructive attacks to retaliate against perceived U.S. actions, making such incidents a persistent threat to critical infrastructure.