Pro-Iran Hackers Attack Stryker in Retaliatory Cyberattack

Medical device maker Stryker experienced a significant cyberattack by pro-Iranian hackers, causing widespread disruptions to its global network. The attack was claimed by the hacker group Handala in retaliation for the deadly strike on the Shajareh Tayyiba girls school in Minab, Iran.

The 'wiper attack' targeted over 200,000 systems, servers, and mobile devices across Stryker's operations in 79 countries. Handala claimed to have extracted 50 terabytes of critical data from the company. The outages began shortly after midnight on the US East Coast on Wednesday, affecting Windows-based devices connected to Stryker’s systems.

Stryker confirmed the cyberattack in a statement, acknowledging global network disruptions but denying any indication of ransomware or malware. The company believes the incident is contained and has advised employees to avoid clicking on suspicious links and remove mobile device management apps from their cellphones. According to nypost.com, an employee reported that the disruption stopped work-issued phones from functioning, effectively halting operations at the 56,000-employee company.

The attack has impacted employees both in the United States and Ireland. Cybersecurity experts warn that this could have potential impacts on patient care and hospital operations. Stryker manufactures a range of medical equipment including orthopedic implants, surgical instruments, and imaging systems. The company serves over 150 million patients through its health equipment and services.

Handala's logo appeared on company login pages during the attack. In their statement, Handala wrote that they attacked Stryker 'in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance.' The group claimed the attack was in retaliation for what it described as brutal attacks on Iranian interests.

The incident comes amid escalated threats from Iran against Western economic targets. According to theguardian.com, Stryker's share price dropped about 3% on news of the attack. Lee Sult, chief investigator at cybersecurity firm Binalyze, called it 'the first drop of blood in the water' as the Iran conflict spreads to US cyber targets.

Stryker stated that the attack is expected to continue causing disruptions and limitations of access to certain information systems and business applications. The company warned that the timeline for a full restoration is not yet known. In a filing to the Securities and Exchange Commission, Stryker noted that the full scope, nature, and impacts of the incident are not yet known.

According to theguardian.com, Handala is an Iranian hacktivist persona first observed in 2023. The group has claimed to have compromised multiple oil and gas organizations, spanning locations including Israel, Jordan, and Saudi Arabia. Intel 471, a threat intelligence company, stated that the recent surge in pro-Iranian hacktivist activity provides the Iranian regime with greater ability to project perceived power during a time of highly constrained domestic connectivity.

Iran has invested heavily in its offensive cyber capabilities and cultivated ties to hacking groups. According to apnews.com, Ismael Valenzuela, vice president of threat intelligence at the cybersecurity company Arctic Wolf, said 'What distinguishes this group is its clear focus on data destruction rather than...'

The attack highlights the growing risk of cyberattacks during ongoing conflicts and the potential economic disruption they can cause. According to techcrunch.com, Stryker secured a $450 million contract from the Department of Defense to supply medical devices to the U.S. military last year.