- Iran-Linked Handala Group Claims Stryker Cyberattack
- 50 TB of data stolen, more than 200,000 systems wiped
- SEC Filing Confirms Major Disruptions to Global Operations
A threat actor apparently linked to the Iranian regime claims to have attacked an American medical technology giant, returning it to the era of pencil and paper.
A group calling itself Handala (also known as Hatef, Hamsa) broke into Stryker, a Fortune 500 healthcare technology company with tens of billions in annual sales, stole 50 terabytes of data and wiped “tens of thousands of systems and servers across the company’s network.”
“In this operation, more than 200,000 systems, servers and mobile devices were wiped, and 50 terabytes of critical data were extracted,” the attackers reportedly said. “Stryker offices in 79 countries have been forced to close.”
Article continues below.
Confirming the hit
Electronic reports have been confirmed by “people claiming to be Stryker employees” around the world, who said their mobile devices were “remotely wiped in the middle of the night,” and an Entra login page was also defaced.
Shortly after the news broke, Stryker filed a new Form 8-K with the U.S. Securities and Exchange Commission (SEC), which, while it doesn’t have the cataclysmic tone of the media, does suggest a more serious violation.
“The incident has caused, and is expected to continue to cause, disruptions and access limitations to certain of the company’s information systems and business applications that support aspects of the company’s operations and corporate functions,” Stryker said in the filing. “While the company is working diligently to restore functionality and access to affected systems, the timeline for a full restoration is not yet known.”
In a later update posted to the company’s website, Stryker said it is still resolving the outage and currently has no reason to believe ransomware or malware was deployed. “We believe the situation is limited solely to our internal Microsoft environment,” he said.
“Our products like Mako, Vocera and LIFEPAK35 are completely safe to use.”
Customers who placed orders before the attack will see them shipped “as soon as our system communications are restored,” the company said, adding that any orders placed after the attack “are being reviewed.”
The first reports about Handala date back to late 2023 and describe them as “hacktivists linked to the Iranian Ministry of Intelligence and Security”, mainly targeting Israeli organizations around the world.
Through beepcomputer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
