A hacking crew with ties to Iran's intelligence agency claimed to be behind a global network outage at med-tech firm Stryker on Wednesday, and said the cyberattack was in response to the US-Israel airstrikes.
If true, the incident would mark a major escalation in the war's cyber component, and could be the first destructive cyberattack linked directly to the current war to hit a major US company.
In a Wednesday statement, Stryker said it was "experiencing a global network disruption to our Microsoft environment as a result of a cyber attack," adding that there is no indication of a ransomware infection or any other type of malware deployment.
Initial reports from Irish news outlets indicated that Stryker employees' devices, including their personal phones, were wiped in the attack.
The medical equipment maker said that it believes the security incident has been contained, and continues investigating the impact on its systems.
"We are working shoulder-to-shoulder with our public- and private‑sector partners as we continue to uncover relevant information and provide technical assistance for the targeted attack on Stryker, while steadfastly standing at the ready to defend our nation’s critical infrastructure," CISA Acting Director Nick Andersen told The Register. "As with all cyber incidents, we have launched an investigation into this matter."
Stryker did not immediately respond to The Register's questions about the cyberattack, including whether Handala, an Iranian hacktivist group believed to be a front for the Ministry of Intelligence and Security (MOIS), was responsible for the incident.
"If accurate, Handala's alleged disruptive attack on Stryker marks a significant escalation - this is the first time this Iranian-backed threat actor has disruptively targeted a major US enterprise," Check Point Research threat intelligence group manager Sergey Shykevich told The Register.
"The fact that they've set their sights on a major medical device company is particularly alarming," Shykevich added. "Critical healthcare infrastructure represents a high-value, high-impact target: disruption doesn't just mean data loss, it can mean patient safety. This should serve as a wake-up call for the entire medtech sector to urgently reassess their threat landscape - nation-state actors are no longer someone else's problem."
Handala, in a lengthy post on its now-deleted Telegram channel and also shared on X, claimed it wiped more than 200,000 systems and servers, and stole 50 TB of "critical data." The group said the hack was "in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance."
At least 175 people, most of them children, were reportedly killed in what appears to have been a Tomahawk missile strike on an Iranian elementary school in Minab when the US military may have mistakenly targeted the area. The school was adjacent to, and may once have been part of, an Iranian military compound.
The crew also claimed to have breached payment device maker Verifone, and released screenshots (seen by The Register) that appeared to show the company's internal systems with a Handala Hack logo overlay.
Verifone, in a statement to The Register, refuted the hacktivists' claims.
"We have observed recent allegations on March 11, 2026 from threat actors claiming an intrusion into our systems in Israel," a Verifone spokesperson said. "Verifone has found no evidence of any incident related to this claim and has no service disruption to our clients." ®