'An unprecedented blow': US medtech giant Stryker suffers global outage after apparent Iranian cyberattack
Handala isn't playing around with attack on Stryker
- Iranian-linked Handala group claims Stryker cyberattack
- 50TB of data stolen, 200,000+ systems wiped
- SEC filing confirms major disruptions across global operations
A threat actor apparently linked to the Iranian regime claims to have struck an American medtech giant, sending it back to the age of pen and paper.
A group calling itself Handala (AKA Hatef, Hamsa) broke into Stryker, a Fortune 500 healthcare technology company with tens of billions in annual sales, stealing 50 terabytes of data and wiping “tens of thousands of systems and servers across the company’s network.”
"In this operation, over 200,000 systems, servers, and mobile devices have been wiped, and 50 terabytes of critical data have been extracted," the attackers allegedly said. "Stryker’s offices in 79 countries have been forced to shut down."
Confirming the blow
The reports have been confirmed by “people claiming to be Stryker employees” all over the world, who said their mobile devices were “remotely wiped in the middle of the night”, with an Entra login page also defaced.
Soon after news broke, Stryker filed a new 8-K form with the US Securities and Exchange Commission (SEC), which, although it does not have the cataclysmic tone of the media, does suggest a more serious breach.
“The incident has caused, and is expected to continue to cause, disruptions and limitations of access to certain of the company’s information systems and business applications supporting aspects of the company’s operations and corporate functions,” Stryker said in the filing. “While the company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.”
In a later update posted on the company’s website, Stryker said it is still resolving the disruption, and currently has no reason to believe ransomware or malware were deployed. “We believe the situation is contained to our internal Microsoft environment only,” it said.
“Our products like Mako, Vocera and LIFEPAK35 are fully safe to use.”
Customers who made orders before the attack will see them shipped “as soon as our system communications are restored”, the company said, adding that any orders made after the attack “are being examined”.
Earliest reports on Handala date back to late 2023, and they are described as “hacktivists linked to Iran’s Ministry of Intelligence and Security”, targeting mostly Israeli organizations around the world.
Via BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.