Medical technology giant Stryker has been targeted by a highly disruptive cyberattack carried out by an Iran-linked hacker group.
Stryker is a Fortune 500 company that specializes in the manufacturing of surgical equipment, orthopedic implants, and neurotechnology. Headquartered in Michigan, the company employs approximately 56,000 people and reported over $25 billion in revenue for 2025. Its critical role in the healthcare supply chain makes it an essential partner for hospitals worldwide.
The Iran-linked hacker group named Handala has taken credit for the attack, claiming to have struck an “unprecedented blow” to the company.
The hackers claim to have wiped more than 200,000 servers, mobile devices, and other systems, forcing Stryker to shut down offices in 79 countries. They also allegedly stole 50TB of data from the company’s systems.
Handala has been highly active since the start of the US-Israel-Iran conflict.
The Wall Street Journal reported [paywalled] on Wednesday that Stryker has confirmed dealing with a cyber incident that resulted in a global outage, with staff and contractors seeing the Handala logo on login pages.
The attack reportedly wiped phones, laptops, and other devices configured to connect to Stryker’s network. Windows systems appear to have been hit particularly hard.
Stryker advised workers not to turn on company devices and to disconnect from all networks immediately, WSJ reported.
SecurityWeek has reached out to Stryker for comment and will update this article if the company responds.
The Handala group has been closely monitored by cybersecurity firms tracking activity surrounding the US-Israel-Iran war.
On the surface, Handala is a hacktivist group aligned with pro-Palestinian and anti-Israeli sentiment. However, many in the cybersecurity community believe it’s a front for Void Manticore, a threat actor sponsored by the Iranian government.
The hackers are known for phishing, data theft, extortion, and destructive attacks involving custom wiper malware. Threat intelligence company Flashpoint reported that the group has also been involved in information operations and psychological warfare.
Since the start of the Iran war, Handala has claimed to have wiped Israeli military weather servers, intercepted security feeds in Jerusalem, stolen and wiped data from the systems of various companies, doxxed Israeli intelligence officers, and hacked an Israeli oil and gas exploration company.
The group often boasts about its alleged achievements on its Telegram and X accounts, but its claims are often difficult to verify.

