
One of America’s largest medical device companies is dealing with the aftermath of a significant cyberattack after an Iran-affiliated hacker group claimed responsibility for breaching its systems and making off with a massive amount of internal data.
Stryker, a Michigan-based company with 56,000 employees operating across 61 countries, confirmed the attack disrupted its global network. The company filed a report with the Securities and Exchange Commission acknowledging that the breach caused disruptions and limited access to some of its systems. In updates posted to its official website, Stryker stated it is continuing to work through the disruption and that the situation appears to be limited to its internal Microsoft environment.
The company has been clear that it has found no evidence of malware or ransomware involvement, which would typically signal a financially motivated attack. Instead, available evidence points to a more destructive type of intrusion, one aimed at wiping data and crippling operations rather than holding them for ransom.
The group behind the attack
The Iran-linked hacker group known as Handala Team publicly claimed responsibility through posts on its Telegram channel, framing the incident as the opening move in what it described as a new phase of cyber conflict. The group alleged it obtained 50 terabytes of company data, which it claimed had been made accessible beyond Stryker’s control.
Handala Team has a history of publicizing its exploits across social media platforms, though multiple versions of its accounts have been taken down in recent days by both Telegram and X.
Cybersecurity firm Sophos, which has previously linked Handala Team to Iran’s Intelligence Ministry, offered insight into how the attack likely unfolded. Analysts believe the hackers gained access to Stryker’s Microsoft Intune account — a platform companies use to remotely manage corporate devices — and triggered a mass remote wipe, resetting some or all enrolled employee devices to factory settings. That feature is ordinarily used when a device is lost, stolen, or being retired from service.
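For defenders, the scenario Sophos describes suggests one concrete check: alert when a single admin identity issues wipe actions against many distinct devices in a short window. The sketch below is an added example, not code from the article, Stryker, or Sophos; the event schema (time, actor, action, device), the sample events, and the thresholds are assumptions to be mapped onto a real device-management audit export.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events in an assumed, simplified schema:
# (ISO timestamp, actor, action, device). Not real log data.
SAMPLE_EVENTS = [
    ("2025-01-01T09:00:00", "helpdesk@example.com", "wipe", "LAPTOP-001"),
    ("2025-01-01T09:40:00", "helpdesk@example.com", "sync", "LAPTOP-002"),
    ("2025-01-01T13:00:00", "helpdesk@example.com", "wipe", "LAPTOP-003"),
    ("2025-01-01T02:10:00", "admin@example.com", "wipe", "LAPTOP-010"),
    ("2025-01-01T02:10:30", "admin@example.com", "wipe", "LAPTOP-011"),
    ("2025-01-01T02:11:00", "admin@example.com", "wipe", "LAPTOP-011"),  # retry
    ("2025-01-01T02:12:00", "admin@example.com", "wipe", "LAPTOP-012"),
    ("2025-01-01T02:13:00", "admin@example.com", "wipe", "LAPTOP-013"),
    ("2025-01-01T02:14:00", "admin@example.com", "wipe", "LAPTOP-014"),
    ("2025-01-01T02:15:00", "admin@example.com", "wipe", "LAPTOP-015"),
]


def find_wipe_bursts(events, threshold=5, window=timedelta(minutes=10)):
    """Return {actor: (first_alert_time, devices)} for every actor that wipes
    at least `threshold` distinct devices within a sliding `window`."""
    recent = defaultdict(deque)  # actor -> (time, device) pairs inside the window
    alerts = {}
    # ISO timestamps in one format sort chronologically as strings.
    for ts, actor, action, device in sorted(events):
        if action != "wipe" or actor in alerts:
            continue  # ignore other actions; report each actor once
        now = datetime.fromisoformat(ts)
        queue = recent[actor]
        queue.append((now, device))
        while now - queue[0][0] > window:
            queue.popleft()  # drop wipes that fell out of the window
        # Count distinct devices so a retried wipe is not double-counted.
        devices = sorted({d for _, d in queue})
        if len(devices) >= threshold:
            alerts[actor] = (now, devices)
    return alerts


if __name__ == "__main__":
    for actor, (when, devices) in find_wipe_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {when.isoformat()} {actor} wiped {len(devices)} devices")
```

Routine lost-or-stolen wipes, like the two spread-out helpdesk actions in the sample, stay below the threshold; tune the threshold and window to the fleet's normal retirement volume.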
Updates from Stryker
Stryker has been issuing rolling updates to keep customers and partners informed. As of the morning of March 12, the company confirmed that three of its key medical products — 1) Mako, 2) Vocera, and 3) LIFEPAK35 — remain fully operational and safe for use, a reassurance likely directed at hospitals and healthcare facilities that depend on its equipment.
The company also addressed order fulfillment directly, noting that orders placed before the attack have been logged and will ship once internal system communications are restored. Orders placed after the incident are currently being reviewed. Stryker added that communication with its employees and sales representatives by phone and email remains functional and safe.
The company said it is working to restore its electronic ordering system as quickly as possible and pledged to continue providing daily updates through its newsroom.
Broader context
The attack on Stryker is notable not just for its scale but for what it may represent. Since the conflict between the United States and Iran began, most Iran-linked hacker activity had been limited to lower-level disruptions — website defacements and espionage operations. Several major technology companies had previously indicated to media outlets that Iranian hacking efforts appeared concentrated on gathering intelligence related to the war.
The reported breach at Stryker appears to mark a shift toward more destructive action, drawing comparisons to Iran’s well-documented history of devastating cyberattacks, including the 2012 attack on Saudi Aramco and the 2014 breach of the Sands Casino.
Source: Times of India



