Medical technology giant Stryker said it was working to restore computers and internal networks following a cyberattack in which pro-Iranian hackers allegedly were able to remotely wipe tens of thousands of employee devices.
The hack continues to cause widespread disruption to the company's operations and is believed to be the first major U.S. cyberattack in response to the Trump administration's war on Iran.
Stryker said in an update over the weekend that the March 11 cyberattack was contained to its internal Microsoft environment and that its internet-connected medical products are “safe to use.”
The cause of the breach is still under investigation, but the medical device technology maker said it sees no signs of ransomware or malware. Stryker said its ability to fulfill orders, manufacture and ship devices continues to be disrupted.
A pro-Iranian hacker group called Handala took credit for the devastating breach, claiming the hack was carried out in response to a U.S. airstrike on an Iranian school that killed at least 175 people, mostly children. The hackers also defaced the company's login page with their logo.
According to Bleeping Computer, the Handala hackers may have used an internal Stryker administrator account to break in, giving them nearly unrestricted access to the company's Windows network. The hackers allegedly accessed the company's Microsoft Intune dashboard, which allows remote management of employee laptops and mobile devices, including deleting data in case an employee's device is lost or stolen.
A successful compromise of the company's Intune dashboard would have allowed hackers to remotely wipe employee phones and laptops (including personal devices) without using malware.
The Wall Street Journal also reported that hackers targeted Intune.
A Stryker spokesperson did not respond to requests for comment or questions about the breach, including whether the allegedly compromised accounts were protected with multi-factor authentication.
It's unclear how the hackers gained access to Stryker's network in the first place. Palo Alto Networks security researchers said Handala hackers may have used phishing to compromise Stryker's network. IBM said the Iranian-aligned hacker group is known for its phishing techniques and destructive attacks targeting the healthcare and energy sectors. Infostealer malware, which can steal personal passwords and credentials, may also be the culprit.
Stryker has 56,000 staff around the world and operates in more than 60 countries, according to Reuters.

