SECURITY

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

🔴 BREAKING

A hacktivist group with ties to Iran’s intelligence agencies says it wiped data from Stryker’s global systems, forcing 5,000 workers in Ireland home. A building

A hacktivist group linked to Iran’s intelligence agencies claims it launched a data-wiping attack on Stryker, a Michigan medical tech giant, forcing 5,000 workers in Ireland home and prompting a building emergency at its U.S. headquarters.

By GlobalBR News · via Krebs on Security

March 11, 2026 at 12:20 PM UTC

5 min read

Text size:

TL;DR

Iran-backed hackers hit Stryker with a wiper attack that shut down 200,000 systems worldwide.

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker — A medical device from Stryker, the Michigan-based company hit by a claimed cyberattack from Iran-linked hackers.

Key Points

Iran-linked hackers claimed a wiper attack on Stryker, a $25B medical tech firm.
The attack forced 5,000 workers in Ireland home and triggered a U.S. headquarters emergency.
The group says it wiped data from 200,000 systems across 79 countries.

A hacktivist group tied to Iran’s intelligence agencies has taken credit for a destructive cyberattack on Stryker, a global medical technology company based in Kalamazoo, Michigan. The group, known as Handala or Handala Hack Team, posted a detailed statement on Telegram claiming it erased data from more than 200,000 systems, servers, and mobile devices across 79 countries, crippling Stryker’s operations worldwide. The attack comes amid a growing trend of hacktivist groups using destructive malware to draw attention to geopolitical grievances, often with state backing or encouragement.

In Ireland, Stryker’s largest hub outside the U.S., local media reported the company sent over 5,000 employees home today after the attack disrupted operations. Meanwhile, a voicemail message at Stryker’s U.S. headquarters in Kalamazoo described a building emergency, though the company has not confirmed whether the two events are connected. Stryker, which reported $25 billion in global sales last year, is a major player in surgical and medical equipment, supplying hospitals and clinics with everything from hospital beds to robotic surgery systems.

What the hackers claimed

Handala’s 3,000-word manifesto, shared alongside the attack details, framed the operation as a blow against corporate corruption and injustice. The group claimed all the stolen data would be released to “the free people of the world,” alleging Stryker’s actions had harmed patients and healthcare systems. The statement included screenshots of internal systems it said were compromised, though their authenticity could not be independently verified. Cybersecurity experts note that hacktivist groups often overstate their motives, blending genuine grievances with propaganda to justify disruptive actions.

The attack mirrors a growing pattern of wiper malware incidents linked to state-aligned groups, particularly those operating in the Middle East. In 2020, a similar campaign attributed to Iran’s Islamic Revolutionary Guard Corps targeted Israeli and Gulf state institutions. Unlike ransomware, which encrypts data for financial gain, wiper malware permanently destroys files, making recovery difficult even with backups. For medical device companies like Stryker, such attacks can pose direct risks to patient care if critical systems go offline.

How Stryker is responding

Stryker has not yet released a public statement about the scope of the damage or whether patient data was accessed. The company’s NYSE ticker (SYK) remains active, suggesting trading has not been disrupted, but cybersecurity analysts warn that the full impact could take days to assess. IT teams are likely working around the clock to restore systems from backups, though wiper malware often corrupts or deletes those as well. The attack raises questions about Stryker’s cybersecurity preparedness, especially given its reliance on connected medical devices and cloud-based systems for global operations.

The incident also highlights the increasing vulnerability of healthcare providers to politically motivated cyberattacks. In 2023, the U.S. Department of Health and Human Services warned hospitals to brace for similar threats, noting that critical infrastructure sectors were prime targets. For Stryker, a company that supplies equipment used in surgeries and patient monitoring, even a temporary shutdown of systems could have cascading effects on healthcare delivery.

What’s next

Handala’s claims are unverified, and Stryker has not acknowledged the attack or its origin. If the group did breach Stryker’s networks, it could take weeks to fully assess the damage and restore operations. Cybersecurity firms are likely analyzing the malware samples for clues about its origin and capabilities. Meanwhile, the attack serves as a stark reminder that no industry—even healthcare—is immune to destructive cyber campaigns, especially when geopolitical tensions spill into the digital realm. For now, Stryker’s global workforce is left wondering when, or if, normal operations will resume.

What You Need to Know

Source: Krebs on Security
Published: March 11, 2026 at 16:20 UTC
Category: Security
Topics: #krebs · #security · #cybersecurity · #hacking · #iran · #backed-hackers-claim

Read the Full Story

This is a curated summary. For the complete article, original data, quotes and full analysis:

Read the full story on Krebs on Security →

All reporting rights belong to the respective author(s) at Krebs on Security. GlobalBR News summarizes publicly available content to help readers discover the most relevant global news.

Curated by GlobalBR News · March 11, 2026

🇧🇷 Resumo em Português

Hackers ligados ao Irã atacam gigante da saúde e deixam 5 mil funcionários irlandeses sem trabalho.

Um grupo de hacktivists com supostos vínculos aos serviços de inteligência do Irã anunciou ter realizado um ataque de wiper (destruidor de dados) contra a Stryker, poderosa empresa americana de tecnologia médica. O golpe teria afetado sistemas globais da companhia, obrigando cerca de 5 mil funcionários na Irlanda a serem dispensados temporariamente. Embora ainda não haja confirmação oficial sobre a extensão dos danos ou a motivação política por trás da ação, o incidente reacende alertas sobre a crescente sofisticação de ciberataques patrocinados por Estados e grupos paramilitares, especialmente em setores críticos como saúde e infraestrutura.

No Brasil, o caso ganha relevância por dois motivos: primeiro, porque a Stryker é uma das maiores fornecedoras de equipamentos médicos para hospitais e clínicas no país, o que levanta preocupações sobre possíveis impactos em serviços de saúde brasileiros que dependem de seus sistemas; segundo, porque o ataque reforça a necessidade de empresas nacionais e internacionais reforçarem suas defesas contra ransomware e wipers, ferramentas cada vez mais usadas em operações de desestabilização geopolítica. Especialistas brasileiros em cibersegurança já alertam para o risco de grupos similares mirarem alvos nacionais, aproveitando a vulnerabilidade de setores estratégicos durante períodos de instabilidade global.

A próxima etapa deve incluir investigações independentes para confirmar a autoria do ataque e, possivelmente, novas sanções internacionais contra o Irã, enquanto empresas brasileiras revisam seus protocolos de segurança para evitar tornarem-se alvos fáceis.

Original Source

Krebs on Security

Read full article at Krebs on Security →

This post is a curated summary. All rights belong to the original author(s) and Krebs on Security.

#krebs #security #cybersecurity #hacking #iran #backed-hackers-claim #wiper-attack #medtech-firm-stryker #stryker #stryker-cyberattack #handala-hackers-iran #wipers-malware-attack #medical-tech-cybersecurity #iran-linked-hacktivists #stryker-data-breach #cyberattack-on-hospitals #wipers-malware-healthcare

Key Topics: Stryker Handala (Handala Hack Team) Iran’s Islamic Revolutionary Guard Corps Kalamazoo, Michigan Telegram

Was this article helpful?

Discussion

Frequently Asked Questions

Who is Handala, the group claiming the Stryker attack?

Handala is a hacktivist group that claims ties to Iran’s intelligence agencies. It has posted manifestos alongside cyberattacks, often framing them as acts of anti-corruption or resistance. Security researchers have linked its activities to Iranian state interests, though the group operates independently in name.

What is wiper malware, and why is it different from ransomware?

Wiper malware permanently destroys data by overwriting files, making recovery nearly impossible even with backups. Unlike ransomware, which encrypts files for ransom, wipers leave no path to restoration. They’re often used in cyberattacks tied to geopolitical conflicts or hacktivism.

How many Stryker employees were affected by the attack?

Over 5,000 workers in Ireland were sent home after the attack disrupted operations. The company has not disclosed how many employees worldwide were impacted, but the hackers claim they shut down systems in 79 countries.

Has Stryker confirmed the cyberattack?

Stryker has not publicly confirmed the attack, though a voicemail at its U.S. headquarters referenced a building emergency. The company’s silence leaves many questions unanswered, including whether patient data was accessed or compromised.

What does this mean for healthcare cybersecurity moving forward?

The attack underscores the growing risk to healthcare providers from politically motivated cyber threats. With medical devices increasingly connected to networks, hospitals and suppliers like Stryker face higher stakes in defending against destructive malware.

`/`	Focus search
`j`	Next post
`k`	Previous post
`h`	Go home
`?`	Show this help

What the hackers claimed

How Stryker is responding

What’s next

What You Need to Know

Read the Full Story

🇧🇷 Resumo em Português

Discussion

Frequently Asked Questions

Related Articles

Your iPhone Gets Stolen. Then the Hacking Begins

New Fragnesia Linux Kernel LPE Grants Root Access via Page Cache Corruption

18-Year-Old NGINX Rewrite Module Flaw Enables Unauthenticated RCE

Get today's top stories →