A group of Iran-linked hackers, known as Handala, claim to have broken into the servers of U.S. medical tech giant Stryker, causing disruptions worldwide.
Stryker, which makes medical devices and technology for hospitals, has seen many of its global systems wiped, and some login pages are showing the logo of the hacker group. The hackers claim to have wiped over 200,000 systems, servers, and mobile devices, and extracted 50 terabytes of critical data.
The attack appears to be in retaliation for the recent attacks on Iran, including the bombing of the Minab girls school in Tehran, which killed over 175 people. Stryker has operations in Israel and secured a $450 million contract from the Department of Defense last year to supply medical devices to the U.S. military.
The Funding and Contract Background
Stryker's $450 million contract with the Department of Defense was announced in July 2025, and the company has been working to supply medical devices to the U.S. military. The contract highlights Stryker's significant role in the medical tech industry and its connections to the U.S. military.
A Stryker spokesperson told The Wall Street Journal that the company's teams are working to restore systems and operations as quickly as possible. The spokesperson also stated that Stryker has business continuity measures in place and is committed to continuing to serve its customers.
Handala's History and Tactics
Handala emerged after Hamas' October 7 attack on Israel and has targeted Israeli civilian infrastructure, energy companies in the Gulf region, and Western organizations. The group employs a broad and evolving toolkit, including phishing, custom wiper malware, ransomware-style extortion, data theft, and hack-and-leak activity.
According to the IBM X-Force Exchange, Handala's campaigns consistently feature ideological messaging, inflated or misleading breach claims, and deliberate targeting of life-critical sectors such as healthcare and energy. The group also has a website that lists and doxes dozens of Israelis who allegedly work or used to work for the Israeli Defense Forces.
Response and Implications
The U.S. Cybersecurity and Infrastructure Security Agency did not respond to a request for comment on the attack. Stryker did not immediately respond to TechCrunch's request for comment.
The attack highlights the growing threat of Iran-linked hackers and the need for companies to prioritize cybersecurity. As reported by The Wall Street Journal, Stryker's systems all over the world have been wiped, and others are showing the logo of the hackers group on login pages.
