Iran-Linked Hackers Claim Responsibility for Cyberattack on Medical Giant Stryker

A cyberattack attributed to Iranian-linked hackers targeted U.S. medical equipment company Stryker on Wednesday, causing a global technology shutdown that locked thousands of employees out of company systems.

The attack forced Stryker, a major developer of medical technology products headquartered in Portage, Michigan, to instruct its workforce of over 56,000 across more than 60 countries to power down their computers and disconnect from all company mobile applications.

A hacker group identifying itself as Handala claimed responsibility for the breach on social media. According to NewsNation affiliate WOOD-TV, the group framed the attack as retaliation “for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance.” The reference is to a recent incident in which a U.S. military review reportedly faulted the Pentagon for a strike on a girls’ school in the Iranian city of Minab.

In a statement released on LinkedIn, Stryker confirmed it was “experiencing a global network disruption to our Microsoft environment as a result of a cyber attack.” The company sought to alleviate concerns about data theft, stating, “We have no indication of ransomware or malware and believe the incident is contained.” They added that they are “working rapidly to understand the impact of the attack on our systems.”

An employee at the company told WOOD-TV that a message from the Handala group appeared on their screen when they attempted to open their browser. The disruption was severe, with reports indicating that remote devices running Microsoft Windows, including laptops and cellphones connected to Stryker’s network, had been completely wiped.

Investigation Launched Amidst Geopolitical Tensions

The U.S. Department of Homeland Security (DHS) has opened an investigation into the breach. Acting DHS Director Nick Andersen stated that the Cybersecurity and Infrastructure Security Agency (CISA) is providing technical assistance to Stryker and working with partners to uncover more information.

The attack comes just weeks after the U.S. and Israel launched a coordinated military campaign against Iran, which the U.S. has dubbed “Operation Epic Fury.” According to U.S. Central Command, that operation has involved strikes on over 5,000 Iranian sites. Iran has since launched retaliatory attacks against several nations in the region, and its leadership has stated it is not seeking a ceasefire.

While the attack on a commercial company is not an assault on critical national infrastructure like the power grid, experts warn it is part of a growing trend of disruptive cyber warfare. Michael Vatis, who founded the FBI’s computer crime and infrastructure protection program, told NewsNation that while this specific incident may not be catastrophic on its own, it could be a sign of more significant threats to come. He also noted that Stryker’s 2019 purchase of Israeli medical tech company OrthoSpace may have made it a more attractive target.

Who is Handala?

Handala is an Iran-connected hacker group that has previously claimed responsibility for several high-profile cyber operations, primarily targeting Israeli entities. The group is named after a famous Palestinian cartoon character, a common tactic used by hacker groups to mask state sponsorship with ideological cover.

Vatis explained that Iran, much like Russia, often utilizes a mix of proxy actors who are ideologically aligned and may receive state support, as well as government units that pose as independent activists. The attack on Stryker fits a pattern of increasingly aggressive Iranian cyber activity, which has evolved from espionage to include disruptive and destructive attacks over the past decade.

FBI Director Kash Patel addressed the broader cyber threat on Tuesday, stating the bureau is implementing a “sweeping Cyber strategy pursuant to President Trump’s ‘Cyber Strategy for America’” with the goal of imposing “real cost on those who target Americans in cyberspace.”