A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medtech company based in Michigan, in a March 11, 2026 report by Krebs on Security. The group, Handala (also known as Handala Hack Team), says offices in 79 countries have been forced to shut down after erasing data from more than 200,000 systems, servers and mobile devices.
The piece notes that Stryker has about 56,000 employees and that Irish media reported staff are now communicating via WhatsApp as networks come down, with some devices wiped and login pages defaced. A trusted source told Krebs that the attackers appeared to use a Microsoft service, Intune, to issue a remote wipe command across connected devices.
According to The New York Times, an ongoing military investigation indicated the United States was responsible for the deadly missile strike on an Iranian school in February. Palo Alto Networks identifies Handala as linked to Iran’s Ministry of Intelligence and Security, emphasising opportunistic, supply-chain footholds and quick, distracting posts to amplify credibility.