What Happened
Medical equipment maker Stryker was hit with an Iran-linked cyberattack just after midnight ET on Wednesday, causing a global outage. Staff and contractors reported that the logo of the hacking group Handala appeared on Microsoft Entra login pages, with Windows-based devices including cellphones and laptops wiped across the organization.
Stryker confirmed it is “experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” adding that it found no indication of ransomware or malware and believes the incident is contained.
Who Did It
The hacktivist group Handala claimed responsibility, stating they attacked Stryker in retaliation for the bombing of a girls’ school in Minab, Iran — which killed more than 175 people, most of them children — and in response to ongoing cyber operations against Iran and its allies.
Handala had previously claimed several high-profile cyber operations, most notably in Israel. Iran has increasingly invested in cyber warfare capabilities, particularly following the 2010 Stuxnet attack attributed to the U.S. and Israel.
Scale of the Attack
Handala claimed that over 200,000 systems, servers, and mobile devices were wiped, 50 terabytes of critical data were extracted, and Stryker’s offices across 79 countries were forced to shut down.
Employee accounts on Reddit described colleagues’ phones being wiped and receiving instructions to remove Microsoft Intune from personal devices. Employees were locked out of company-linked phones and computers globally.
Why Stryker
Stryker does not appear directly linked to the attacks on Iran, though it has operations in Israel and last year secured a $450 million Department of Defense contract to supply medical devices to the U.S. military. Analysts suggest the Israeli connection and DoD ties made Stryker a symbolic target.
Recovery Status
As of Wednesday afternoon, Stryker filed regulatory disclosures stating it expects the breach to continue disrupting operations and that “the timeline for a full restoration is not yet known.”
Shares of Stryker (NYSE: SYK) fell nearly 4% in early afternoon trading on Wednesday.
Broader Geopolitical Context
The cyberattack comes weeks after the U.S. and Israel jointly launched coordinated strikes on Iran — dubbed “Operation Epic Fury” — hitting more than 5,000 Iranian sites. Iran’s parliament speaker has stated the country is “definitely not looking for a ceasefire.”
Cybersecurity experts are warning that too much focus remains on financially motivated attackers, while nation-state adversaries like Iran, China, and Russia have the means and intent to deliver far more disruptive strikes on critical infrastructure.
Interesting read.
Pingback: Wiped From Within The Stryker Aftermath – TheCyberThrone
Pingback: TheCyberThrone CyberSecurity Newsletter Top 5 Articles – March 2026 – TheCyberThrone