Main medical expertise firm Stryker has been hit by a wiper malware assault claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.
The medtech large manufactures a spread of merchandise, together with surgical and neurotechnology tools. With over 53,000 staff, Stryker is a Fortune 500 firm that reported world gross sales of $22.6 billion in 2024.
Handala says they stole 50 terabytes of knowledge earlier than wiping tens of hundreds of methods and servers throughout the corporate’s community, forcing Stryker to close down in “an unprecedented blow.”
“On this operation, over 200,000 methods, servers, and cellular units have been wiped and 50 terabytes of essential knowledge have been extracted,” the attackers mentioned. “Stryker’s workplaces in 79 international locations have been compelled to close down.”
This aligns with experiences from individuals claiming to be Stryker staff from the USA, Eire, Costa Rica, and Australia, who mentioned their managed Home windows and cellular units had been remotely wiped in the course of the evening. The attackers have additionally defaced the corporate’s Entra login web page to show a Handala brand.
A Stryker worker instructed BleepingComputer the incident started early Wednesday morning, when units enrolled within the firm’s cellular system administration system had been remotely wiped. The worker mentioned colleagues who had private telephones enrolled for work entry additionally misplaced knowledge after their units had been reset.
Employees had been instructed to take away company administration and functions from their private units, together with the Intune Firm Portal, Groups, and VPN shoppers.
Quite a few staff additionally report that the assault disrupted entry to inner providers and functions, forcing some places to revert to “pen and paper” workflows after methods turned unavailable.
Because of the assault, Stryker is now working to revive their methods amid a worldwide outage, as first reported by The Wall Road Journal.
“We’re experiencing a extreme, world disruption impacting all Stryker laptops and methods that connect with our community,” Stryker instructed staff in Cork, Eire, based on native media.
“Right now, the foundation trigger has not but been recognized. We’re actively engaged with Microsoft and treating this a essential, enterprise-wide incident,” the corporate additionally instructed staff in Asia.
Handala (often known as Handala Hack Crew, Hatef, Hamsa) first surfaced in December 2025 as a hacktivist operation linked to Iran’s Ministry of Intelligence and Safety (MOIS) that targets Israeli organizations with harmful malware designed to wipe Home windows and Linux units.
They’re additionally identified for stealing delicate knowledge from victims’ compromised methods and publishing it on the group’s knowledge leak portals.
BleepingComputer reached out to a Stryker spokesperson with questions concerning the incident, however a response was not instantly out there.
Malware is getting smarter. The Crimson Report 2026 reveals how new threats use math to detect sandboxes and conceal in plain sight.
Obtain our evaluation of 1.1 million malicious samples to uncover the highest 10 strategies and see in case your safety stack is blinded.
