Iranian-linked hackers cite airstrike on school for cyberattack on medical firm

A crippling cyberattack on Stryker, a global medical technology company is linked to an Iranian hacker group. — Image credit: Jakub Porzycki/NurPhoto via Getty Images

Full story

An Iranian-linked hacker group that took credit for a cyberattack against a global medical technology company on Wednesday said it was spurred to action by the airstrike against an elementary school in Iran.

The group, known as Handala, is accused of carrying out a wiper attack against devices tied to the US-based company Stryker. Wiper attacks use specialized malware designed to permanently delete or corrupt data.

Download the SAN app today to stay up-to-date with Unbiased. Straight Facts™.

Point phone camera here

An employee for Stryker in Cork, Ireland, where the company employs several thousand people, told the Irish Examiner that the cyberattack affected devices connected to its network, including personal phones.

Internal login and admin pages used by employees in Cork now reportedly show the logo for Handala, which describes itself as a pro-Palestinian hacking group. Handala is suspected by cybersecurity firms of having ties to Iranian intelligence.

A spokesperson for Stryker described Wednesday’s incident as “a global network disruption,” stating that its “teams are actively working to restore systems and operations as quickly as possible.”

In a post to its website, Handala said it carried out the attack against Stryker, which it called a “Zionist-rooted corporation,” in retaliation for the airstrike against the Shajarah Tayyebeh elementary school in Minab, Iran, on Feb. 28.

Handala said the cyberattack resulted in the destruction of 50 terabytes of data from more than 200,000 systems, servers and mobile devices linked to Stryker. Straight Arrow News reached out to Stryker to inquire about the claim, but did not receive a reply.

The hacker group ended its post by referring to the U.S. and its allies as “demons” with ties to deceased sex offender Jeffrey Epstein before issuing a warning: “This is only the beginning of a new chapter in cyber warfare. To all those plotting attacks on the infrastructure of the Axis of Resistance: The era of hit-and-run is over!”

Wednesday’s incident is believed to be the first destructive cyberattack against a Western entity in response to the ongoing war with Iran. Prior to the conflict, Handala frequently took credit for hacking Israeli companies and individuals, including former Prime Minister Ehud Barak.

Handala did not respond to a request for comment from SAN.

Mikael Thalen

Mikael Thalen is a tech reporter for Straight Arrow News, where he covers cybersecurity, surveillance, hacking and digital privacy.

Alan Judd

Alan Judd is a senior content editor for Straight Arrow News. He is a longtime journalist who most recently was a writer and editor for Scripps News

Tags: cyber crimes, Cybersecurity, Iran, Cyber attack

Why this story matters

A cyberattack against a U.S. medical technology company has disrupted operations and affected employee devices, marking the first destructive hack against a Western entity linked to the Iran conflict.

Network disruption at medical technology firm

Stryker confirmed a global network disruption affecting its systems and operations, with employees reporting affected devices including personal phones connected to the company network.

Retaliatory attack

Handala said it carried out the attack against Stryker, which it called a “Zionist-rooted corporation,” in retaliation for a U.S. airstrike against an Iranian elementary school on Feb. 28.

First Western target in Iran conflict

Cybersecurity experts believe this is the first destructive cyberattack against a Western company in response to the ongoing war with Iran, expanding the conflict's digital front.