Stryker Hit by Iran-Linked Wiper Malware, Systems Wiped Globally

By alex2404

Hacktivist groups with Iranian ties have been escalating attacks on Western corporate infrastructure since late 2023, and Stryker Corporation is now the latest high-profile target.

The Fortune 500 medical technology company — which reported $22.6 billion in global sales in 2024 and employs more than 53,000 people — suffered a wiper malware attack that knocked its systems offline globally. The group claiming responsibility is Handala, an Iranian-linked hacktivist operation also known as Handala Hack Team, Hatef, and Hamsa, with documented ties to Iran’s Ministry of Intelligence and Security.

What the attackers claim happened

According to the announcement, Handala says it wiped more than 200,000 systems, servers, and mobile devices across Stryker’s network and extracted 50 terabytes of data before forcing the company’s offices in 79 countries to shut down. The group also defaced the company’s Entra login page with its logo.

Employees in the United States, Ireland, Costa Rica, and Australia reported their managed Windows and mobile devices were remotely wiped overnight. Personal phones enrolled for work access were not spared — staff lost personal data after those devices were reset as well. Workers were subsequently instructed to remove corporate management tools from personal devices, including Microsoft Intune Company Portal, Teams, and VPN clients.

At multiple locations, the disruption was severe enough that staff reverted to pen-and-paper workflows after losing access to internal systems and applications.

Stryker’s official response

The company filed a Form 8-K with the SEC on March 11, 2026, confirming a cybersecurity incident affecting its entire Microsoft environment. “On March 11, 2026, Stryker Corporation identified a cybersecurity incident affecting certain information technology systems of the Company that has resulted in a global disruption to the Company’s Microsoft environment,” the filing states.

The company says it activated its cybersecurity response plan and engaged external advisors. Notably, Stryker stated it has “no indication of ransomware or malware” and believes the incident is contained — a position that sits in tension with Handala’s detailed claims of wiper deployment and mass data extraction.

In a message sent to employees in Asia, the firm said it was “actively engaged with Microsoft and treating this a critical, enterprise-wide incident.” A separate internal message to staff in Cork, Ireland described “a severe, global disruption impacting all Stryker laptops and systems that connect to our network.”

Handala first appeared in December 2023, initially targeting Israeli organizations with destructive malware built to wipe both Windows and Linux systems. The group has since expanded its target profile, using stolen data published on leak portals as an additional pressure mechanism.

The company says the incident will continue to disrupt access to network systems and business applications as restoration work proceeds, and has provided no timeline for full recovery.

This article is a curated summary based on third-party sources.