Iran-linked hackers claim sweeping strike on Stryker

Global medical technology manufacturer Stryker has been hit by a major cyberattack claimed by an Iran-linked hacker collective, triggering widespread disruption to corporate systems and raising fresh concerns about cyber warfare spilling into commercial infrastructure.

The group, calling itself Handala, said it carried out a destructive operation that wiped data across more than 200,000 company devices while extracting roughly 50 terabytes of information from internal networks. The incident disrupted internal communications, disabled corporate laptops and phones, and forced employees in multiple countries offline as investigators moved to contain the breach.

Stryker confirmed that it was experiencing a “global network disruption” affecting its Microsoft-based enterprise environment following the cyber intrusion. Company officials said early assessments showed no sign of ransomware and indicated the incident appeared to be contained, though the full operational and financial impact remained under investigation.

The Portage, Michigan-based manufacturer employs about 56,000 people across more than 60 countries and produces a wide range of medical technologies used in surgery, orthopaedics and hospital communications. The attack caused operational disturbances in several business functions, including order processing, manufacturing coordination and shipment logistics, though the company said patient-connected devices and clinical systems were not affected.

Handala publicly claimed responsibility through messages posted online, declaring the operation a “major cyber campaign” and framing it as retaliation for military action in Iran. The group asserted that its attack erased data on thousands of servers and endpoints while seizing sensitive corporate files. Independent verification of all claims has not been possible, but cybersecurity analysts said the scale of disruption reported by Stryker indicates a significant breach of corporate infrastructure.

Employees across several facilities reported losing access to internal systems almost simultaneously as devices were remotely wiped. Some staff members said login screens were replaced with the hackers’ logo while corporate networks shut down within minutes. Offices in Europe, including a large hub in Cork, Ireland, were among the locations where thousands of workers were temporarily unable to access company networks or resume work.

Early technical analysis suggests the attackers may have exploited administrative access to Microsoft device-management tools to issue remote wipe commands across the company’s enterprise network. Cybersecurity specialists note that such methods allow attackers to erase corporate laptops, servers and mobile devices using legitimate management features rather than custom malware, complicating detection and recovery efforts.

Stryker’s systems reportedly began failing shortly after midnight in the United States as employees saw devices disconnect from company services and lose stored data. Workers were instructed not to connect corporate equipment to networks while cybersecurity teams and external experts attempted to restore affected infrastructure.

The incident has also had financial repercussions. Shares in the medical technology firm fell following disclosure of the attack, reflecting investor concern about the scale of operational disruption and the potential cost of restoring global networks.

Handala has emerged as a prominent hacktivist group associated with cyber campaigns targeting organisations perceived as linked to Western or Israeli interests. Analysts tracking the group say its operations typically combine data theft, public messaging and attempts to damage corporate reputation through information leaks.

Security experts warn that attacks of this kind demonstrate how geopolitical tensions are increasingly spilling into cyberspace, where corporate entities can become indirect targets of politically motivated operations. By attacking companies tied to global supply chains, hacker groups are able to amplify the economic and psychological impact of conflicts without striking physical infrastructure.

Medical technology firms are considered particularly sensitive targets because disruptions to manufacturing or logistics could ripple across hospital supply chains. Although Stryker said clinical devices already deployed in hospitals were unaffected, analysts noted that prolonged disruption to corporate systems could still affect product deliveries and engineering operations.

Governments and cybersecurity researchers have observed a rise in hacktivist campaigns during periods of geopolitical confrontation. Such groups often operate with ideological motivations while maintaining loose or ambiguous links to state interests, allowing governments plausible deniability in cyberspace operations.

The breach at Stryker illustrates the growing vulnerability of multinational companies whose networks span dozens of countries and rely on cloud-managed devices. Large enterprises increasingly depend on centralised digital management systems to maintain security and efficiency, but those same systems can become powerful attack vectors if administrative credentials are compromised.