Suspected pro-Iran hacker group tied to Stryker cyberattack

A pro-Iran hacker group is believed to be behind a worldwide cyberattack affecting medical device company Stryker, wiping employees’ phones and preventing workers from accessing their computers.
The logo of Handala, a pro-Iran and pro-Palestinian hacking group, appeared on employee login pages, according to posts on social media site Reddit. Several purported employees described being locked out of company-linked phones and other devices. The hacking collective’s X account also claimed responsibility.
Stryker is based in Michigan and has business units worldwide. Many colleagues’ phones have been wiped, and employees have been instructed to remove various company management features like Microsoft Intune from personal devices, according to one person on Reddit claiming to be an employee based in Australia.
“We are currently experiencing a global network disruption affecting the Windows environment. Our teams are actively working to restore systems and operations. Stryker has business continuity measures in place, and we’re committed to serve our customers,” the company said in a statement.
Stryker is one of the largest medical technology companies in the world and specializes in creating devices and equipment for use in hospitals and surgeries.
If fully confirmed, the hack would arguably represent the most significant cyber incident linked to the recent Iran war so far.
Pro-Iran hacking groups have made a habit of targeting any computer systems tied to nations deemed foreign adversaries to Tehran, especially the U.S. and Israel. In late 2023, amid the Israel-Hamas war, one hacker group defaced the interfaces of water treatment systems in Pennsylvania, which had Israeli-made Unitronics equipment built inside.
In 2019, Stryker acquired Israeli medical technology company OrthoSpace. The company and some of its business units also have significant contracts with the Departments of Defense and Veterans Affairs, according to GovTribe, a federal market intelligence platform owned by Nextgov/FCW parent company GovExec.
Nextgov/FCW has also asked the FBI and the Cybersecurity and Infrastructure Security Agency for comment.
“This incident, if confirmed, is a significant escalation because it moves from theater-linked cyber noise into disruptive, potentially destructive effects against a major U.S. medical technology firm,” said Alexander Leslie, a senior advisor at cyber threat intelligence firm Recorded Future.
“The big risk now is copycat escalation and opportunistic follow-on activity, especially if the attackers pair disruption with ‘proof’ drops and narrative packaging to manufacture momentum and, therefore, enable influence operations,” he added.
The U.S.-Israel war on Iran, launched Feb. 28, is expected to test U.S. cyberdefenses. Experts for weeks have advised organizations to stay on guard for cyber retaliation from Iran-aligned groups.




