ARS Technica reports that Stryker, a multinational medical device maker, confirmed a cyberattack that disrupted much of its Microsoft-based infrastructure, with responders saying there is no indication that ransomware or malware were involved and that the incident appears contained to the internal Windows environment.
The attack followed claims from a group aligned with the Iranian government, Handala Hack, that it had carried out the data wiping, with social-media posts and reports from outlets including the Irish Examiner noting wiped devices and login pages bearing Handala Hack’s logo.
Investigations have pointed to potential use of Microsoft InTune to issue deletion commands across Stryker’s network, a theory supported by security firm Check Point, which described Handala Hack as relying on both custom and publicly available tools and often engaging access brokers for initial access.
There is also mention that Stryker indicated Lifepak, Lifenet, and Mako devices were functioning normally, and a Securities and Exchange Commission filing revealed no timeline for restoring normal day-to-day activities.
Taken together, analysts say the attack’s aims appear to be retaliatory and psychological, with Stryker described as a strategic target due to its role as a major supplier of lifesaving medical devices, while the precise breach method remains publicly undetermined, according to the Irish, Irish Examiner report and other sources cited in the piece. According to the Securities and Exchange Commission filing, Stryker has not set a recovery timeline.