Iranian-linked hackers have taken responsibility of carrying out a cyberattack on US-based medical equipment company Stryker, shutting down technology operations across its global offices. Staff and contractors reported that a logo of an Iran-linked group appeared on the login page.
The company acknowledged the attack, calling it 'severe' in communication with employees. According to Wall Street Journal, staff members said cellphones, laptops, and other devices running Microsoft Windows had been wiped.
In a lengthy statement posted to Telegram, Handala claimed that Stryker's offices in 79 countries were forced to shut down after the group erased data from more than 200,000 systems, servers, and mobile devices, and that 50 terabytes of data had been seized.
IBM X-Force Exchange identifies Handala as a "pro-Palestinian, Iran-aligned hacktivist threat group that emerged in late 2023 following the onset of the Gaza conflict." Palo Alto Networks links Handala to Iran's Ministry of Intelligence and Security.
Handala called the attack a retaliation for a strike on the Minab school and "in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance." A strike on a primary school in Minab on March 3, 2026, killed more than 170 people, most of them schoolgirls.
Why Stryker?
The Handala manifesto referred to Stryker as a "Zionist-rooted corporation," possibly referencing the company's 2019 acquisition of the Israeli company OrthoSpace. Stryker also has significant contracts with the Departments of Defense and Veterans Affairs.
Before the attack, FBI Director Kash Patel said the bureau is "working 24/7 to stay ahead of the threat and implement a sweeping Cyber strategy," vowing to impose real costs on those who target Americans in cyberspace.
