Iran-linked hackers claim responsibility for attack on US medical device maker Stryker
The logo of Stryker medical technology is seen on their plant in the IDA (Industrial Development Agency) estate, in Carrigtwohill, County Cork, Ireland March 28, 2025. REUTERS/Clodagh Kilcoyne
March 11 : An Iranian-linked hacking group on Wednesday claimed responsibility for a destructive cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted to the group's Telegram channel.
The Michigan-based company, with 56,000 employees and operations in 61 countries, said in a filing with the SEC that the attack caused disruptions and limitations of access to some systems, and that the timeline for a full restoration is not yet known.
Staff and contractors said in social media posts that the logo of an Iran-linked hacking group has appeared on the company's login pages. Reuters was not able to verify the posts.
"We have no indication of ransomware or malware and believe the incident is contained," a company spokesperson said, without commenting on who may have been behind the attack. Calls to the company's global headquarters in Portage, Michigan, were answered with a recording that said the company is "currently experiencing a building emergency."
Stryker shares ended down 3.6 per cent on Wednesday.
Fears have mounted that Iran, which has sophisticated cyber espionage capabilities, might retaliate against U.S. or Israeli entities after the two countries began airstrikes against it.
"This is exactly the type of attack we have been worried about: Iranian proxies using destructive cyber attacks like data deletion against U.S. companies to retaliate," said Cynthia Kaiser, senior vice president of cybersecurity firm Halcyon's Ransomware Research Center and a former senior FBI cyber official.
Handala, an Iranian-linked hacking persona that has claimed multiple attacks on targets in Israel and around the world, said in a message posted to its Telegram channel that it was responsible for the attack, which was in response to the strike on the Minab school in southern Iran "and ongoing cyber assaults."
The group did not respond to a request for comment sent to one of its messaging accounts.
The girls' school in Minab was hit on the first day of U.S.-Israeli attacks on Iran, killing an estimated 150 students, according to Iran's ambassador to the U.N. in Geneva, Ali Bahreini. Reuters has not independently verified the figure.
The outages on Stryker's network began shortly after midnight on Wednesday on the East Coast, the Wall Street Journal reported, citing people familiar with the matter.
The company's staff found that remote devices running Microsoft's Windows operating system, including cellphones, laptops and others configured to connect to Stryker's technology systems, had been wiped.
A White House official said: "(The) Trump administration is always proactively monitoring potential cyber threats and driving a response with our world-class critical infrastructure, regulator agencies and law enforcement entities."
The FBI and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency did not respond to requests for comment.
Handala has been linked to multiple hack-and-leak operations as well as disruptive attacks, including cases in which data was destroyed, Israeli cybersecurity firm Check Point said in a report Tuesday.
"They are the most notorious group affiliated with the Iranian regime," Check Point Chief of Staff Gil Messing said in an email.
Messing added that Check Point has tracked the group for years and believes they operate under Iran's Ministry of Intelligence.
"The fact they publicly take responsibility on this attack, and the fact they know they are linked to the government, show a new phase in Iran's motivations."
