CISA launches investigation into Stryker cyberattack


The hack arguably represents the most significant cyber incident linked to the recent Iran war.

The Cybersecurity and Infrastructure Security Agency has launched an investigation into the hack of medical technology giant Stryker a day after an apparent pro-Tehran hacker group sabotaged employees’ devices around the world in response to the U.S.-Israel war against Iran.

The worldwide cyberattack wiped employees’ phones and prevented workers from accessing their computers. The logo of Handala, a pro-Iran and pro-Palestinian hacking group, reportedly appeared on employee login pages, and the hacking collective’s X account also claimed responsibility.

“We are working shoulder-to-shoulder with our public- and private‑sector partners as we continue to uncover relevant information and provide technical assistance for the targeted attack on Stryker, while steadfastly standing at the ready to defend our nation’s critical infrastructure,” CISA acting director Nick Andersen said in a statement to Nextgov/FCW. “As with all cyber incidents, we have launched an investigation into this matter.”

Stryker is based in Michigan and has business units worldwide. The company is one of the largest medical technology organizations in the world and specializes in creating devices and equipment for use in hospitals and surgeries.

Pro-Iran hacking groups have made a habit of targeting any computer systems tied to nations deemed foreign adversaries to Tehran, especially the U.S. and Israel. In late 2023, amid the Israel-Hamas war, one hacker group defaced the interfaces of water treatment systems in Pennsylvania, which had Israel-made Unitronics equipment built inside.

In 2019, Stryker acquired Israeli medical technology company OrthoSpace. The company and some of its business units have major contracts with the departments of Defense and Veterans Affairs.

In a filing with the Securities and Exchange Commission, Stryker said it believes the hack is “contained” but expects it to continue causing “disruptions and limitations of access” to certain company information systems and applications that support parts of its operations and functions.

The filing acknowledges a “cybersecurity incident” that impacted “certain information technology systems of the company that has resulted in a global disruption to the company’s Microsoft environment.”

“We’re in a new phase here, as this is our first public example of Iranian cyber retaliation in the course of this conflict,” said Alex Orleans, head of threat intelligence at cybersecurity firm Sublime Security. “Before, we were seeing mostly hacktivist groups or hacktivist front personas (including Handala) making unverifiable claims. Now we have an apparently concrete incident with a known Iranian intelligence front taking credit for the operation.”

“We expected to see some groups emerging from the rubble, so to speak, following the initial stage of this conflict. The nature of this incident functions as a strong leading indicator, in that it’s unlikely to have been an isolated case,” he added. “Additional Iranian state-nexus groups likely have attempted, or will attempt, similar disruptive operations in the near-term.”

On Thursday, Polish officials said Iran may have attempted to hack into the European nation’s National Centre for Nuclear Research.