
Iran hacking group claims attack on med-tech company Stryker — says over 200,000 devices have been wiped clean and over 50TB of data extracted

Why This Matters

The cyberattack on Stryker by the Iranian hacking group Handala highlights the growing cybersecurity risks faced by medical technology companies, especially as they become more interconnected and reliant on digital management tools. This incident underscores the importance of robust security measures to protect sensitive patient data and critical healthcare infrastructure, which are increasingly targeted by nation-state actors. For consumers and the industry, it signals a need for heightened vigilance and improved cybersecurity protocols in healthcare technology to prevent future breaches with potentially severe consequences.

Key Takeaways

Iranian hacking group Handala claims that it has successfully attacked American medical technology company Stryker, resulting in the extraction of 50TB of data and the wiping of over 200,000 devices connected to the company, including personal devices owned by its employees. The Michigan-based firm is a Fortune 500 company that operates in 61 countries with 56,000 employees, and it serves 150 million patients annually. According to The Register, this would be the first major cyberattack connected to the ongoing U.S.-Israel-Iran war to directly hit a private company.

“We are continuing to resolve the disruption impacting our global network, resulting from the cyber attack (sic),” the company said in a statement. “At this time, there is no indication of malware or ransomware and we believe the situation is contained to our internet Microsoft environment only.”

Some Stryker employees from Ireland, Australia, and the U.S. took to Reddit to talk about the attack, with some claiming that their Stryker-managed devices were wiped clean at around 3:30 AM EDT. Other comments suggested that personal devices connected to Stryker’s network have been hit, too, leaving their owners unable to log into their accounts because their two-factor authentication has been wiped from their phones. The company also allegedly told its personnel to remove Microsoft Intune, Microsoft Teams, the company portal, and the VPN from personal devices. Intune is a cloud-based Unified Endpoint Management tool used for managing, securing, updating, and monitoring devices across operating systems, including Windows, macOS, iOS, iPadOS, Android, and Linux.


It’s currently unclear how the hackers were able to breach Stryker’s systems, but the company says that only its internal Microsoft environment has been affected so far. What’s unfortunate, though, is that even the personal devices of employees have been affected through Stryker’s mobile device management (MDM) software. The creator of the O.MG pen testing cable even said on X that they wouldn’t allow companies to install MDM software on personal devices, even when the organization promises that it will not access or erase personal data. In most cases, that promise is only a policy, and the MDM app still retains these capabilities. So, if a bad actor were to gain control of the management suite, it could have complete and unprecedented access to the users’ personal data, as evidenced by the Stryker breach.

If you use a personal phone/laptop for your work, pay very close attention to this little detail. Iran attackers wipe 200k devices at a company called Stryker. Within those devices appears to be employees' PERSONAL devices. The attackers used the company’s MDM software, which… https://t.co/oPcLv5HUAr pic.twitter.com/z5XlsTECbI (March 12, 2026)

This marks another escalation in the ongoing war in the Middle East, coming just a day after Iran issued a threat against Nvidia, Microsoft, and other tech companies in the Middle East. However, this is par for the course in any modern conflict, and we’ve already seen cyberattacks targeting civilian infrastructure happen across other warzones and nearby regions, such as in Ukraine and Eastern Europe. But the fact that Stryker, a U.S.-based company nowhere near the Middle East, was hit by this major cyberattack shows that the online part of this conflict is starting to spill out to the international stage.
