Iran-linked hacker group Handala claimed responsibility for a cyberattack on Stryker, the Michigan-based global medical technology company. The incident disrupted parts of Stryker’s Microsoft environment-including device management systems-causing widespread outages across its global network.
According to Stryker’s SEC filing, attackers appear to have exploited Microsoft Intune’s remote wipe capability-resetting thousands of employee phones and laptops to factory settings. The company confirmed no evidence of ransomware or malware, and stated the incident is contained.
Handala cited retaliation for an unverified bombing in Minab, Iran. Security analysts note this aligns with Iran’s history of destructive wiper attacks, including those against Saudi Aramco and Sands Casino.
Stryker activated business continuity protocols to maintain customer support during system restoration.