Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
An Iranian-backed hacktivist group, Handala, claims responsibility for a massive wiper attack against global medical technology firm Stryker, disrupting operations worldwide. This incident highlights the escalating geopolitical tensions manifesting in cyberwarfare, with a significant real-world impact on critical infrastructure. The use of Microsoft Intune for remote wiping adds a novel technical dimension to this politically motivated attack, making it highly relevant to the HN audience interested in cybersecurity, geopolitics, and supply chain vulnerabilities.
The Lowdown
A hacktivist group, Handala, linked to Iran's intelligence agencies, has claimed a widespread data-wiping attack against Stryker, a major medical technology company. This sophisticated cyberattack has reportedly forced Stryker's operations to shut down in dozens of countries, impacting thousands of employees and raising concerns about global healthcare supply chains.
- The Perpetrators: Handala, also known as Handala Hack Team, is an Iranian hacktivist group identified by Palo Alto Networks as being affiliated with Iran's Ministry of Intelligence and Security (MOIS). They are known for opportunistic "hack-and-leak" activities, often targeting entities connected to Israel.
- The Attack: The group claims to have erased data from over 200,000 systems, servers, and mobile devices across Stryker's offices in 79 countries.
- Methodology: Evidence suggests the attackers did not rely on traditional malicious software. Instead, they leveraged Microsoft Intune, a cloud-based solution for IT management, to issue remote wipe commands to connected devices.
- Motivation: Handala states the attack is retaliation for a recent missile strike in Iran, attributed to the United States, that killed 175 people. They also referred to Stryker as a "Zionist-rooted corporation" due to its 2019 acquisition of an Israeli company.
- Immediate Impact: Stryker sent over 5,000 workers home in Ireland, and its U.S. headquarters declared a "building emergency." Employees reported that personal devices with Microsoft Outlook were wiped, and systems in Cork, Ireland, were shut down.
- Broader Implications: Because Stryker is a major supplier of medical devices, the attack could significantly disrupt the supply chain for healthcare providers globally, although the American Hospital Association has not yet reported direct impacts on U.S. hospitals.
This ongoing incident underscores the increasing threat of politically motivated cyberattacks against critical industries, demonstrating how geopolitical conflicts can spill into the digital realm with tangible consequences for global commerce and public services.