An Iran-linked group said it had hacked a U.S. medical company, causing a “global disruption” to its systems, in retaliation for the bombing of the Minab school in Iran, in an attack seen as expanding the Middle East into cyber.
Handala, a hacking group, claimed responsibility for Wednesday’s attack on Stryker Corporation, which makes medical devices and is based in Michigan. It affected thousands of employees who used the company’s Microsoft systems.
In a statement, Stryker said the attack is expected to continue causing “disruptions and access limitations to certain Company information systems and business applications” and warned: “the timeline for a full restoration is not yet known.”
Stryker’s share price fell approximately 3% following news of the attack. Lee Sult, chief researcher at cybersecurity firm Binalyze, called it “the first drop of blood in the water” as the conflict with Iran spreads to American cyber targets and predicted that “more shooting will come.” The same group of hackers has already attacked Israeli cyber targets as Iran attempts to inflict economic disruption on its adversaries.
A statement sent to
He called Stryker a “corporation with Zionist roots” and claimed, without showing evidence, that it had wiped thousands of systems and mobile devices and extracted 50 terabytes of data.
Stryker said: “We have no indication of ransomware or malware and believe the incident is contained.
“The company’s investigation into the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known,” he said in a filing with the Securities and Exchange Commission on Tuesday. “Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact on the company.”
According to Sophos, a cybersecurity company, the “Handala Hack Team” is an Iranian hacktivist character that was first observed in 2023. They have claimed to have compromised multiple oil and gas organizations, in places such as Israel, Jordan and Saudi Arabia, according to Intel 471, a threat intelligence company.
“The recent surge in pro-Iranian hacktivist activity is currently providing the Iranian regime with greater ability to project perceived power at a time when internal connectivity is severely limited,” Intel 471 said.
