Iran-Aligned Hackers Hit Stryker, Disrupt Microsoft Network
Stryker said a cyberattack disrupted its Microsoft environment and much of its infrastructure, while Handala Hack claimed responsibility and security researchers warn pro-Iranian groups have expanded attacks since the war began Feb. 28.

The who, what, and why of the attack that has shut down Stryker's Windows network

Iran-linked hackers take aim at U.S. and other targets, raising risk of cyberattacks during war

Iranian Hackers Suspected to Be Behind Cyberattack on Medical Giant Stryker
Overview
Stryker confirmed a cyberattack disrupted its Microsoft environment and took down much of its infrastructure, and Handala Hack claimed responsibility.
Security professionals had warned of destructive retaliatory hacks, and pro-Iranian hackers have targeted U.S. and Middle Eastern sites since the war began Feb. 28, according to researchers.
Stryker said responders believe the incident is contained and limited to its internal Microsoft environment and that they have no indication ransomware or malware were involved, according to an SEC filing.
Researchers reported that pro-Iranian hackers have targeted data centers, industrial facilities in Israel, a school in Saudi Arabia and an airport in Kuwait. CrowdStrike detected a surge of Russian activity supporting Tehran.
Stryker said Lifepak, Lifenet and Mako devices were functioning normally, but the company had no timeline for restoring normal operations. Experts urged organizations to patch systems and prepare for disruption.
Analysis
Center-leaning sources frame the Stryker incident as a notable escalation by foregrounding Iran-linked culpability and destructive intent. They emphasize historic “wiper” attacks (Aramco, Sands), highlight Handala’s claims and cybersecurity firms’ links to Iran, and spotlight expert detail about Microsoft Intune wipes—creating a narrative of state‑tied escalation.
FAQ
Handala is an Iran-linked hacking group, often described as pro-Palestinian hacktivists tied to Iran's Ministry of Intelligence and Security. It claimed responsibility on its Telegram channel for the destructive cyberattack on Stryker's Microsoft environment.
Stryker stated there is no indication of ransomware or malware involvement, and they believe the incident is contained to their internal Microsoft environment.
The attack caused a global network disruption to Stryker's Microsoft environment, wiping remote Windows devices like laptops and cellphones, leading to outages in systems including electronic ordering, but critical medical devices like Lifepak, Lifenet, and Mako remained functional.
Yes, pro-Iranian hackers have targeted data centers and industrial facilities in Israel, a school in Saudi Arabia, and an airport in Kuwait since the war began on February 28, with researchers noting expanded activities.
Stryker activated business continuity measures, instructed employees to disconnect devices, is restoring systems like electronic ordering, and confirmed no impact on critical devices or patient care at hospitals like Providence and MultiCare.