A pro-Iranian hacking group said it was behind the attack on medical technology giant Stryker

A group of Iran-linked hackers said they have breached the servers of US medical technology giant Stryker, causing unrest around the world. As of Wednesday morning, many global Stryker systems have been wiped, and some login pages instead display the hacker group’s logo.

The hacking group, known as Handala, claimed responsibility for the attack in a message posted on an X account that allegedly belongs to the group. The hackers wrote that they attacked Stryker “in response to the brutal attack on the Minab School and in response to ongoing cyberattacks against the infrastructure” of Iran and its allies. The hackers were referring to the Minab Girls School in Tehran, which the US military reportedly bombed in its recent attacks on Iran, killing more than 175 people, most of them children.

Stryker, which makes medical devices and technology for hospitals, does not appear to be directly linked to the recent attacks on Iran, although it has operations in Israel and last year received a $450 million contract from the Department of Defense to supply medical devices to the US military.

“In the process, more than 200,000 systems, servers and mobile devices were scanned and 50 terabytes of critical data was extracted. Stryker offices in 79 countries were forced to close,” the hackers wrote.

The hackers’ claims appear to be at least partially credible. According to the Wall Street Journal, some Stryker systems have been scanned around the world, and others show the hacker group’s logo on login pages.

A Stryker spokesperson told the newspaper: “Our teams are actively working to restore systems and operations as quickly as possible. Stryker has business continuity measures in place, and we are committed to continuing to serve our customers.”

“Stryker is currently experiencing a severe global disruption across its Windows environment affecting both client and server devices,” the notice sent to employees said, according to the Wall Street Journal. “The issue is widespread and significantly impacts users’ ability to access systems and services.”

The company did not immediately respond to TechCrunch’s request for comment. The US Cybersecurity and Infrastructure Security Agency, which responds to cyberattacks, did not respond to a request for comment.

According to IBM X-Force Exchange, Handala emerged after the Hamas attack on Israel on October 7, targeting Israeli civilian infrastructure, energy companies in the Gulf region, and Western organizations. “Its operations focus on creating a disruptive and psychological impact,” the company wrote on the exchange, which tracks threat groups. “Handala uses a broad and sophisticated toolkit, including phishing, custom malware, ransomware-style extortion, data theft, hacking and leaking activities. Its campaigns are consistently characterized by ideological messaging, inflated or misleading hack claims, and deliberate targeting of critical sectors such as healthcare and energy.”

Handala also maintains a website that lists and tracks dozens of Israelis who allegedly work or used to work for the Israel Defense Forces, as well as major domestic defense and surveillance contractors, such as Elbit Systems and NSO Group.

Israeli cybersecurity firm Check Point wrote in a recent report that since the beginning of the war in Iran, Handala has been “breaking into low-fidelity systems, conducting hacking and leaking activities, and timing the release of stolen material to maximize pressure.”