Pro-Iran hacktivist group says it is behind attack on medical tech giant Stryker

2026-03-11 · Source: TechCrunch · Field: Technology & Digital — Cybersecurity & Data Privacy, Cloud Computing & IT Infrastructure · Depth: Fundamental Awareness, quick

Summary

A pro-Iran hacktivist group named Handala claimed responsibility for a cyberattack on U.S. medical technology giant Stryker, causing widespread global disruptions including system wipes and the display of the group's logo on login pages. The group stated the attack was in retaliation for a U.S. military strike on a school in Iran and claimed to have wiped over 200,000 systems, extracted 50 terabytes of data, and forced Stryker offices in 79 countries to shut down, claims partially corroborated by The Wall Street Journal. Stryker, which holds a \$450 million contract with the U.S. Department of Defense and has operations in Israel, confirmed a "severe, global disruption" and is actively working to restore its systems. Handala, which emerged after October 7, targets critical infrastructure like healthcare and energy, employing tactics such as wiper malware, ransomware-style extortion, and data theft to achieve disruptive and psychological impact.

Key takeaway

Iran-linked hacktivist group Handala executed a major cyberattack on medical tech giant Stryker, wiping over 200,000 systems and extracting 50 TB of data globally using wiper malware. This incident underscores the critical need for AI/ML professionals to implement robust threat detection, data resilience, and incident response frameworks to protect critical infrastructure from sophisticated, state-aligned cyber threats.

Topics

• Cyberattack
• Hacktivism
• Data Breach
• Critical Infrastructure
• Cybersecurity

Best for: CTO, VP of Engineering/Data, Security Engineer, IT Professional, Executive

Related on AIssential

• The Stryker Attack: Enterprise Resiliency Plans Can’t Ignore UEM — An Iranian-linked hacktivist group, Handala, claimed a geopolitically motivated cyberattack on medical device manufacturer Stryker Corporation, alleging the wipe of 200,000 systems and theft of 50 terabytes of data.
• Hacktivists claim to have hacked Homeland Security to release ICE contract data — Hacktivists leaked DHS/ICE contract data to expose companies supporting controversial immigration enforcement.
• Russian-linked hackers weaponize leaked DarkSword against iPhones — Russian state-sponsored hackers, identified as TA446 (affiliated with Russia's FSB), have launched a spear-phishing campaign weaponizing the recently leaked DarkSword iOS exploit kit to target Apple d…
• AI Weekly Issue #480: Monday Edition : npm compromised by North Korea, Iran targets AI data centers, and nobody wants OpenAI stock — Nation-state actors, AI model deception, and market instability are converging to challenge the AI ecosystem.
• UK could face ‘hacktivist attacks at scale’, says head of security agency — Geopolitical conflict could trigger large-scale hacktivist attacks in the UK, mirroring ransomware impacts but without recovery options.
• Bug bounty businesses bombarded with AI slop — AI tools are overwhelming bug bounty programs with low-quality reports, necessitating program adaptation and AI-driven triage.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by TechCrunch.