- Iran-linked Handala Group claims Stryker cyberattack
- 50 TB of data stolen, more than 200,000 systems erased
- SEC Filing Confirms Major Disruptions in Global Operations
A threat actor apparently linked to the Iranian regime claims to have struck a US medical technology giant, sending it back to the age of pen and paper.
A group calling itself Handala (aka Hatef, Hamsa) broke into Stryker, a Fortune 500 health technology company with tens of billions in annual sales, stealing 50 terabytes of data and wiping “tens of thousands of systems and servers across the company’s network.”
“During this operation, more than 200,000 systems, servers and mobile devices were wiped and 50 terabytes of critical data were extracted,” the attackers reportedly said. “Stryker offices in 79 countries have been forced to close their doors.”
Article continues below
Confirmation of the move
These reports were confirmed by “people claiming to be Stryker employees” around the world, who said their mobile devices had been “remotely wiped in the middle of the night,” with an Entra login page also defaced.
Shortly after the news broke, Stryker filed a new Form 8-K with the U.S. Securities and Exchange Commission (SEC), which, while lacking the cataclysmic tone of the media, suggests a more serious violation.
“The incident has caused, and is expected to continue to cause, disruptions and limitations of access to certain of the Company’s information systems and business applications supporting certain aspects of the Company’s operations and business functions,” Stryker said in the filing. “While the company is working diligently to restore functionality and access to affected systems, the timeline for a full restoration is not yet known.”
In a later update posted to the company’s website, Stryker said it was still troubleshooting the issue and currently had no reason to believe ransomware or malware had been deployed. “We believe the situation is limited to our internal Microsoft environment only,” he said.
“Our products like Mako, Vocera and LIFEPAK35 are completely safe to use. »
Customers who placed orders before the attack will see them shipped “as soon as our system communications are restored,” the company said, adding that all orders placed after the attack “are under review.”
The first reports about Handala date back to late 2023, and they are described as “hacktivists linked to the Iranian Ministry of Intelligence and Security,” primarily targeting Israeli organizations around the world.
Via BeepComputer
The best antivirus for every budget
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
