GoKawiilUpdate: Story updated with a statement from Stryker confirming they suffered a disruptive cyberattack.
Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.
The medtech giant manufactures a range of products, including surgical and neurotechnology equipment. With over 53,000 employees, Stryker is a Fortune 500 company that reported global sales of $22.6 billion in 2024.
Handala says they stole 50 terabytes of data before wiping tens of thousands of systems and servers across the company's network, forcing Stryker to shut down in "an unprecedented blow."
"In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted," the attackers said. "Stryker’s offices in 79 countries have been forced to shut down."
Handala's Stryker statement (BleepingComputer)
This aligns with reports from people claiming to be Stryker employees from the United States, Ireland, Costa Rica, and Australia, who said their managed Windows and mobile devices were remotely wiped in the middle of the night. The attackers have also defaced the company's Entra login page to display a Handala logo.
A Stryker employee told BleepingComputer the incident began early Wednesday morning, when devices enrolled in the company's mobile device management system were remotely wiped. The employee said colleagues who had personal phones enrolled for work access also lost data after their devices were reset.
Staff were instructed to remove corporate management and applications from their personal devices, including the Intune Company Portal, Teams, and VPN clients.
Numerous employees also report that the attack disrupted access to internal services and applications, forcing some locations to revert to "pen and paper" workflows after systems became unavailable.
... continue reading