- Iranian-linked Handala group claims Stryker cyber attack
- 50 TB of data stolen, 200,000+ systems wiped
- SEC filing confirms major disruptions across global operations
A threat actor apparently linked to the Iranian regime claims to have hit a US pharmaceutical giant and sent it back to the age of pen and paper.
A group calling itself Handala (AKA Hatef, Hamsa) broke into Stryker, a Fortune 500 health technology company with tens of billions in annual sales, stole 50 terabytes of data and wiped “tens of thousands of systems and servers across the company’s network.”
“In this operation, over 200,000 systems, servers and mobile devices have been wiped and 50 terabytes of critical data have been extracted,” the attackers reportedly said. “Stryker’s offices in 79 countries have been forced to close.”
The article continues below
Confirmation of the battle
The eports have been confirmed by “people claiming to be Stryker employees” around the world who said their mobile devices were “wiped in the middle of the night”, with an Entra login page also destroyed.
Shortly after the news broke, Stryker filed a new 8-K form with the US Securities and Exchange Commission (SEC), which, while not having the catastrophic tone of the media, suggests a more serious breach.
“The incident has caused, and is expected to continue to cause, disruptions and restrictions on access to certain of the Company’s information systems and business applications that support aspects of the Company’s operations and business functions,” Stryker said in the filing. “While the company is working diligently to restore affected functionality and system access, the timeline for a full recovery is not yet known.”
In a later update posted on the company’s website, Stryker said it is still addressing the disruption and currently has no reason to believe ransomware or malware was deployed. “We believe the situation is contained within our internal Microsoft environment only,” it said.
“Our products like Mako, Vocera and LIFEPAK35 are completely safe to use.”
Customers who placed orders before the attack will see them shipped “as soon as our system communications are restored”, the firm said, adding that all orders placed after the attack were “being investigated”.
The earliest reports about Handala date back to late 2023, and they are described as “hacktivists linked to Iran’s Ministry of Intelligence and Security” who mainly target Israeli organizations around the world.
Via Bleeping Computer
The best antivirus for all budgets
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
