{"id":12643,"date":"2026-03-12T10:06:24","date_gmt":"2026-03-12T10:06:24","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=12643"},"modified":"2026-03-12T10:06:25","modified_gmt":"2026-03-12T10:06:25","slug":"iran-backed-hackers-declare-wiper-assault-on-medtech-agency-stryker-krebs-on-safety","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=12643","title":{"rendered":"Iran-Backed Hackers Declare Wiper Assault on Medtech Agency Stryker \u2013 Krebs on Safety"},"content":{"rendered":"


\n<\/p>\n

\n

A hacktivist group with hyperlinks to Iran\u2019s intelligence businesses is claiming duty for a data-wiping assault towards Stryker<\/strong>, a worldwide medical expertise firm primarily based in Michigan. Information studies out of Eire, Stryker\u2019s largest hub exterior of the US, stated the corporate despatched dwelling greater than 5,000 staff there at the moment. In the meantime, a voicemail message at Stryker\u2019s essential U.S. headquarters says the corporate is at present experiencing a constructing emergency.<\/p>\n

Primarily based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical gear maker that reported $25 billion in world gross sales final 12 months. In a prolonged assertion posted to Telegram, an Iranian hacktivist group generally known as Handala<\/strong> (a.okay.a. Handala Hack Staff) claimed that Stryker\u2019s places of work in 79 nations have been pressured to close down after the group erased knowledge from greater than 200,000 techniques, servers and cellular units.<\/p>\n

\"A<\/p>\n

A manifesto posted by the Iran-backed hacktivist group Handala, claiming a mass data-wiping assault towards medical expertise maker Stryker.<\/p>\n<\/div>\n

\u201cAll of the acquired knowledge is now within the fingers of the free individuals of the world, prepared for use for the true development of humanity and the publicity of injustice and corruption,\u201d a portion of the Handala assertion reads.<\/p>\n

The group stated the wiper assault was in retaliation for a Feb. 28 missile strike that hit an Iranian faculty and killed at the very least 175 individuals, most of them kids. The New York Occasions<\/strong> studies<\/a> at the moment that an ongoing army investigation has decided the US is answerable for the lethal Tomahawk missile strike.<\/p>\n

Handala was one in every of a number of Iran-linked hacker teams lately profiled<\/a> by Palo Alto Networks<\/strong>, which hyperlinks it to Iran\u2019s Ministry of Intelligence and Safety<\/strong> (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one in every of a number of on-line personas maintained by Void Manticore<\/a>, a MOIS-affiliated actor.<\/p>\n

Stryker\u2019s web site says the corporate has 56,000 staff in 61 nations. A cellphone name positioned Wednesday morning to the media line at Stryker\u2019s Michigan headquarters despatched this creator to a voicemail message that acknowledged, \u201cWe’re at present experiencing a constructing emergency. Please strive your name once more later.\u201d<\/p>\n

A report<\/a> Wednesday morning from the Irish Examiner<\/strong> stated Stryker employees are actually speaking by way of WhatsApp for any updates on once they can return to work. The story quoted an unnamed worker saying something linked to the community is down, and that \u201canybody with Microsoft Outlook on their private telephones had their units wiped.\u201d<\/p>\n

\u201cA number of sources have stated that techniques within the Cork headquarters have been \u2018shut down\u2019 and that Stryker units held by staff have been worn out,\u201d the Examiner reported. \u201cThe login pages developing on these units have been defaced with the Handala emblem.\u201d<\/p>\n

Wiper assaults normally contain malicious software program designed to overwrite any present knowledge on contaminated units. However a trusted supply with data of the assault who spoke on situation of anonymity advised KrebsOnSecurity the perpetrators on this case seem to have used a Microsoft service referred to as Microsoft Intune<\/strong> to subject a \u2018distant wipe\u2019 command towards all linked units.<\/p>\n

Intune is a cloud-based answer constructed for IT groups to implement safety and knowledge compliance insurance policies, and it offers a single, web-based administrative console to watch and management units no matter location. The Intune connection is supported by this Reddit dialogue<\/a> on the Stryker outage, the place a number of customers who claimed to be Stryker staff stated they have been advised to uninstall Intune urgently.<\/p>\n

Palo Alto says Handala\u2019s hack-and-leak exercise is primarily centered on Israel, with occasional concentrating on exterior that scope when it serves a particular agenda. The safety agency stated Handala additionally has taken credit score for current assaults towards gas techniques in Jordan and an Israeli vitality exploration firm.<\/p>\n

\u201cLatest noticed actions are opportunistic and \u2018fast and soiled,\u2019 with a noticeable give attention to supply-chain footholds (e.g., IT\/service suppliers) to succeed in downstream victims, adopted by \u2018proof\u2019 posts to amplify credibility and intimidate targets,\u201d Palo Alto researchers wrote.<\/p>\n

The Handala manifesto posted to Telegram referred to Stryker as a \u201cZionist-rooted company,\u201d which can be a reference to the corporate\u2019s 2019 acquisition of the Israeli firm OrthoSpace.<\/p>\n

Stryker is a serious provider of medical units, and the continued assault is already affecting healthcare suppliers. One healthcare skilled at a serious college medical system in the US advised KrebsOnSecurity they’re at present unable to order surgical provides that they usually supply by way of Stryker.<\/p>\n

\u201cIt is a real-world provide chain assault,\u201d the knowledgeable stated, who requested to stay nameless as a result of they weren’t approved to talk to the press. \u201cJust about each hospital within the U.S. that performs surgical procedures makes use of their provides.\u201d<\/p>\n

John Riggi<\/strong>, nationwide advisor for the American Hospital Affiliation<\/strong> (AHA), stated the AHA shouldn’t be conscious of any supply-chain disruptions as of but.<\/p>\n

\u201cWe’re conscious of studies of the cyber assault towards Stryker and are actively exchanging data with the hospital area and the federal authorities to know the character of the menace and assess any affect to hospital operations,\u201d Riggi stated in an e-mail. \u201cAs of this time, we’re not conscious of any direct impacts or disruptions to U.S. hospitals on account of this assault. That will change as hospitals consider providers, expertise and provide chain associated to Stryker and if the length of the assault extends.\u201d<\/p>\n

It is a creating story. Updates shall be famous with a timestamp.<\/p>\n

Replace, 2:54 p.m. ET:<\/strong> Added remark from Riggi and views on this assault\u2019s potential to show right into a supply-chain drawback for the healthcare system.<\/p>\n<\/p><\/div>\n\n","protected":false},"excerpt":{"rendered":"

A hacktivist group with hyperlinks to Iran\u2019s intelligence businesses is claiming duty for a data-wiping assault towards Stryker, a worldwide medical expertise firm primarily based in Michigan. Information studies out of Eire, Stryker\u2019s largest hub exterior of the US, stated the corporate despatched dwelling greater than 5,000 staff there at the moment. In the meantime, […]<\/p>\n","protected":false},"author":2,"featured_media":12645,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[717,5675,644,554,8189,262,8191,211,8192,8190],"class_list":["post-12643","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-attack","tag-claim","tag-firm","tag-hackers","tag-iranbacked","tag-krebs","tag-medtech","tag-security","tag-stryker","tag-wiper"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12643","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=12643"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12643\/revisions"}],"predecessor-version":[{"id":12644,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/12643\/revisions\/12644"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/12645"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=12643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=12643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=12643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}