Iran-Linked Hackers Target Stryker, U.S. Medical Tech Firm
KALAMAZOO, Michigan – A cyberattack attributed to a hacking group with ties to Iran has disrupted global networks at Stryker, a leading U.S. medical technology company headquartered in Michigan. The attack, which began Wednesday, represents a significant development, potentially marking the first major instance of Iran directly targeting an American company since tensions between the two nations escalated.
The hacking group, identified as Handala Team, claimed responsibility for the attack via posts on Telegram and X, platforms where they routinely boast about their exploits. While previous Iranian-linked cyber activity has largely focused on espionage or minor website alterations, this incident appears to be a more destructive “wiper” attack, similar to those historically employed against targets like Saudi Aramco in 2012 and the Sands Casino in 2014.
According to a Stryker employee, who requested anonymity because they were not authorized to speak for the company, work-issued phones stopped functioning, severely hindering communication and operations. Cybersecurity experts believe the hackers gained access to Stryker’s account on Microsoft Intune, a system used to manage corporate devices, and remotely wiped data from enrolled devices.
“They seem to have obtained access to the Microsoft Intune management console,” explained Rafe Pilling, director of threat intelligence at Sophos, a cybersecurity firm that has linked Handala to Iran’s Intelligence Ministry. “One of the features is the ability to remotely wipe a device… Looks like they triggered that for some or all of the enrolled devices.”
Stryker released a statement acknowledging the “global network disruption to our Microsoft environment” but asserted that its systems were not directly hacked and that ransomware was not involved. The company stated it believes the incident is contained, but did not provide further details.
Microsoft has not yet commented on the incident.
While the full extent of the damage remains unclear, the attack highlights the growing threat of cyber warfare and the potential for disruption to critical infrastructure, including the healthcare sector. The U.S. government has previously warned of Iran’s increasing cyber capabilities and its willingness to use them for malicious purposes.
