STRYKER , the US-based medtech group, admitted that an Iran-linked cyberattack disrupted its global operations by impacting the company’s Microsoft environment, though the intrusion appears to have been limited to IT systems rather than operational technology. The attackers, identified by SecurityWeek as the Handala group, claimed to have wiped more than 200,000 devices and to have exfiltrated 50TB of data, forcing office closures across dozens of countries.
The defence line has shifted from malware to living-off-the-land techniques, with claims that systems were wiped via Microsoft Intune, a cloud-based endpoint management service; Stryker says no malware or ransomware was detected during its investigation. Handala, described as a pro-Palestinian hacktivist group by SecurityWeek, is widely viewed in cybersecurity circles as a cover for Void Manticore, an Iranian state-sponsored actor thought to operate under Iran’s MOIS.
Revenue reports place Stryker’s 2025 takings at $25 billion, and Ireland was noted as home to its largest hub outside the US, where support staff were sent home as the disruption unfolded. The article, dated 13 March 2026, highlights ongoing questions about whether OT was directly targeted or the effects stemmed from an IT compromise.