A group of Iran-linked hackers has infiltrated the servers of American medical technology giant Stryker, causing chaos around the world. As of Wednesday morning, many of Stryker's global systems have been wiped, and some login pages are now showing the hacker group's logo instead.
The hacktivist group known as Handala claimed responsibility for the attack in a message posted to an X account claiming to be affiliated with the group. The hackers wrote that they attacked Stryker “in retaliation for the brutal attack on Minab School and in response to continued cyberattacks on infrastructure” by Iran and its allies. The hackers were referring to Tehran's Minab Girls' School, which the US military reportedly bombed in a recent attack on Iran, killing more than 175 people, most of them children.
Stryker, which makes medical equipment and technology for hospitals, has operations in Israel and last year won a $450 million contract from the Pentagon to supply medical equipment to the U.S. military, but it does not appear to be directly involved in the recent attacks on Iran.
“This operation wiped over 200,000 systems, servers, and mobile devices and extracted 50 terabytes of sensitive data. Stryker's offices in 79 countries were forced to close,” the hackers wrote.
The hackers' claims appear to be at least partially reliable. Some Stryker systems around the world have been wiped, and others are displaying the hacker group's logo on their login pages, according to the Wall Street Journal.
A Stryker spokesperson told the Journal: “Our teams are working aggressively to restore our systems and operations as quickly as possible. Stryker has business continuity measures in place and is committed to continuing to serve our customers.”
“Stryker is currently experiencing a severe global disruption across its Windows environments, impacting both client devices and servers,” a notice sent to employees said, according to WSJ. “This issue is widespread and has a significant impact on users' ability to access systems and services.”
tech crunch event
San Francisco, CA | October 13-15, 2026
The company did not immediately respond to TechCrunch's request for comment. The U.S. Cybersecurity and Infrastructure Security Agency, which responds to cyberattacks, did not respond to requests for comment.
According to IBM X-Force Exchange, Handara emerged after the Oct. 7 Hamas attack on Israel, targeting civilian infrastructure in Israel, energy companies in the Gulf region, and Western organizations. “Its operations are focused on creating a destructive and psychological impact,” the company wrote on the exchange, which tracks threat groups. “Handala employs an extensive and evolving toolkit that includes phishing, custom wiper malware, ransomware-style extortion, data theft, and hacking and leakage operations. Its campaigns are consistently characterized by ideological messages, exaggerated or misleading infringement claims, and intentional targeting of vital sectors such as healthcare and energy.”
Handara also has a website that lists and documents dozens of Israelis who are said to work or have worked for the Israel Defense Forces, as well as major local defense and surveillance contractors such as Elbit Systems and NSO Group.
Israeli cybersecurity firm Check Point wrote in a recent report that since the outbreak of the Iran war, Handara has “infiltrated easily accessible systems, conducted hack-and-leak operations, and timed the release of stolen material in order to maximize pressure.”