Iran-Linked Hackers Claim Responsibility for Stryker Cyber Attack

Iran-Linked Hackers Claim Responsibility for Stryker Cyber Attack

Iran-Linked Hackers Claim Responsibility for Stryker Cyber Attack

A hacktivist group with ties to Iran’s intelligence agencies has claimed responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan.

Understanding the Attack

The group, known as Handala, claimed that Stryker’s offices in 79 countries have been forced to shut down after they erased data from over 200,000 systems, servers, and mobile devices.

Meanwhile, a voicemail message at Stryker’s main U.S. headquarters stated that the company is currently experiencing a building emergency.

Impact on Stryker’s Operations

Stryker, a medical and surgical equipment maker, reported $25 billion in global sales last year. The company has 56,000 employees in 61 countries.

A report from the Irish Examiner said Stryker staff are now communicating via WhatsApp for any updates on when they can return to work.

Handala’s Motivations

The group said the wiper attack was in retaliation for a February 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children.

Handala was one of several hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS).

Method of Attack

A trusted source with knowledge of the attack told KrebsOnSecurity that the perpetrators appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.

Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies.

Impact on Healthcare Providers

The ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.

John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.

Precautions and Next Steps

According to a March 11 memo from the state of Maryland’s Institute for Emergency Medical Services Systems, Stryker indicated that some of their computer systems have been impacted by a ‘global network disruption.’

As a precaution, some hospitals have opted to disconnect from Stryker’s various online services, including LifeNet.

This is a developing story. Updates will be noted with a timestamp.

Frequently Asked Questions

  1. What is the nature of the cyber attack against Stryker? The attack is a data-wiping attack that has affected Stryker’s offices in 79 countries.
  2. Who is responsible for the attack? The hacktivist group Handala, which has ties to Iran’s intelligence agencies, has claimed responsibility for the attack.
  3. What is the impact of the attack on Stryker’s operations? The attack has forced Stryker to shut down its offices in 79 countries and has affected the company’s ability to provide medical supplies to healthcare providers.
  4. How can healthcare providers prepare for potential supply-chain disruptions? Healthcare providers can prepare by identifying alternative sources for medical supplies and developing contingency plans in case of a disruption.
  5. What is the current status of the attack? The attack is ongoing, and Stryker is working to restore its systems and services.