
Ethical Hacking News

Iran-Backed Hackers Claim Wiper Attack on Global Medical Technology Company Stryker


Iran-backed hackers claim responsibility for a massive data-wiping attack against Stryker, a multinational medical device company with operations in 79 countries. The attack resulted in the erasure of sensitive data from over 200,000 systems, servers, and mobile devices. As the investigation continues, experts are calling for greater vigilance and cooperation to protect critical infrastructure.

  • An Iranian-backed hacktivist group called Handala claims responsibility for a devastating data-wiping attack against Stryker.
  • The attack resulted in the erasure of sensitive data from over 200,000 systems, servers, and mobile devices across 79 countries.
  • According to Handala, the motive for the attack was retaliation for a February missile strike that hit an Iranian school, killing at least 175 people.
  • Stryker's largest hub outside the US, located in Ireland, was affected by the attack.
  • The attack used Microsoft Intune to issue a remote wipe command against all connected devices, erasing sensitive data from employees' personal phones and devices.
  • The incident highlights vulnerabilities in the global medical technology industry and raises concerns about potential future attacks on medical device manufacturers and hospitals.



    An Iranian-backed hacktivist group known as Handala (also referred to as Handala Hack Team) has claimed responsibility for a devastating data-wiping attack against Stryker, a multinational medical device company based in Michigan, USA. The attack, which was carried out last week, resulted in the erasure of sensitive data from over 200,000 systems, servers, and mobile devices across 79 countries, including Stryker's largest hub outside the United States, located in Ireland.

    According to a statement posted on Telegram by Handala, the group's motives for carrying out the attack were rooted in retaliation for a February 28 missile strike that hit an Iranian school, killing at least 175 people, most of whom were children. The New York Times has since reported that an ongoing military investigation has determined that the United States is responsible for the deadly Tomahawk missile strike.

    Stryker, which has over 56,000 employees in 61 countries, confirmed that it was experiencing a "building emergency" and had sent home more than 5,000 workers at its Irish headquarters. A voicemail message at Stryker's main U.S. headquarters instructed callers to try again later.

    The attack, which was described as a "mass data-wiping attack," utilized a Microsoft service called Microsoft Intune to issue a "remote wipe" command against all connected devices. This action resulted in the erasure of sensitive data from employees' personal phones and devices, including those equipped with Microsoft Outlook.

    Palo Alto Networks, a cybersecurity firm that has been monitoring Handala's activities, links the group to Iran's Ministry of Intelligence and Security (MOIS) and describes it as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor. According to Palo Alto researchers, recently observed activities by Handala have been opportunistic and "quick and dirty," with a notable focus on supply-chain footholds to reach downstream victims.

    The attack has also drawn attention to the vulnerabilities in the global medical technology industry, particularly those companies that rely heavily on IT services and software solutions. The fact that Stryker's systems were targeted by a group known for its ties to Iranian intelligence agencies raises concerns about the potential for future attacks against other medical device manufacturers and hospitals.

    In response to the attack, several experts have called for increased vigilance and cooperation between governments and private sector companies to prevent similar attacks in the future. "The fact that this company is being targeted by a group with clear ties to Iranian intelligence agencies highlights the need for greater awareness and action to protect our critical infrastructure," said a cybersecurity expert who spoke on condition of anonymity.

    As the investigation into the attack continues, it remains to be seen whether Handala will be held accountable for its actions. The attack nonetheless highlights the need for greater vigilance and cooperation in the face of growing cyber threats.
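A defender-side check for the mechanism described above, where a device-management console is used to send remote wipes to every enrolled device: flag any account that wipes many distinct devices within a short window. This is an added example, not code from the article, Stryker or Microsoft; the record schema, account names, window and threshold are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_events():
    """Constructed audit records in a simplified, hypothetical schema
    (not a real Intune export format): time, actor, action, device_id."""
    base = datetime(2026, 1, 1, 9, 0, 0)
    events = [
        # Routine help-desk activity: two wipes, hours apart.
        {"time": base, "actor": "helpdesk@example.com", "action": "wipe", "device_id": "d-001"},
        {"time": base + timedelta(hours=3), "actor": "helpdesk@example.com", "action": "wipe", "device_id": "d-002"},
        {"time": base + timedelta(hours=1), "actor": "admin@example.com", "action": "sync", "device_id": "d-003"},
    ]
    # Burst: one account wipes 40 distinct devices, one every 5 seconds.
    for i in range(40):
        events.append({"time": base + timedelta(hours=5, seconds=5 * i),
                       "actor": "admin@example.com", "action": "wipe",
                       "device_id": f"d-{100 + i}"})
    return events

def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=10):
    """Return one alert per actor whose wipes reach >= threshold distinct
    devices inside any sliding window of the given length."""
    recent = defaultdict(deque)  # actor -> (time, device_id) pairs still in window
    alerts = {}
    wipes = sorted((e for e in events if e["action"] == "wipe"),
                   key=lambda e: e["time"])
    for e in wipes:
        q = recent[e["actor"]]
        q.append((e["time"], e["device_id"]))
        # Drop wipes that have aged out of the window.
        while q and e["time"] - q[0][0] > window:
            q.popleft()
        distinct = len({dev for _, dev in q})
        if distinct >= threshold:
            a = alerts.setdefault(e["actor"], {"actor": e["actor"],
                                               "first_alert": e["time"],
                                               "peak_devices": distinct})
            a["peak_devices"] = max(a["peak_devices"], distinct)
    return list(alerts.values())

if __name__ == "__main__":
    for alert in find_wipe_bursts(sample_events()):
        print(alert)
```

The window and threshold need tuning against the normal wipe rate of the environment; the alert is most useful when it fires early enough to suspend the issuing account before the remaining devices check in.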





  • Published: Wed Mar 11 12:48:30 2026 by llama3.2 3B Q4_K_M












