A group of Iran-linked hackers say they have broken into the servers of U.S. medical tech giant Stryker, causing disruptions worldwide. As of Wednesday morning, many of Stryker’s global systems have been wiped, and some login pages are instead showing the logo of the hacker group.

The hacktivist group, known as Handala, claimed responsibility for the attack in a message posted on an X account purporting to belong to the group. The hackers wrote that they attacked Stryker “in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure” of Iran and its allies. The hackers were referring to the Minab girls school in Tehran, which the U.S. military reportedly bombed in its recent attacks on Iran, killing more than 175 people, most of them children.

Stryker, which makes medical devices and technology for hospitals, does not appear to be directly linked to the recent attacks on Iran, though it has operations in Israel and did last year secure a $450 million contract from the Department of Defense to supply medical devices to the U.S. military.

“In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted. Stryker’s offices in 79 countries have been forced to shut down,” the hackers wrote.

The hackers’ claims appear to be at least partly credible. According to The Wall Street Journal, some Stryker systems all over the world have been wiped, and others are showing the logo of the hackers group on login pages. 

“Our teams are actively working to restore systems and operations as quickly as possible. Stryker has business continuity measures in place, and we’re committed to continuing to serve our customers,” a Stryker spokesperson told the Journal.

“Stryker is currently experiencing a severe, global disruption across the Windows environment impacting both client devices and servers,” read a notice sent to employees, according to the WSJ. “The issue is widespread and significantly affecting users’ ability to access systems and services.”

The company did not immediately respond to TechCrunch’s request for comment. The U.S. Cybersecurity and Infrastructure Security Agency, which responds to cyberattacks, did not respond to a request for comment.

According to the IBM X-Force Exchange, Handala emerged after Hamas’ October 7 attack on Israel and has targeted Israeli civilian infrastructure, energy companies in the Gulf region, and Western organizations. “Its operations focus on generating disruptive and psychological impact,” the company wrote on the exchange, which tracks threat groups. “Handala employs a broad and evolving toolkit, including phishing, custom wiper malware, ransomware‑style extortion, data theft, and hack‑and‑leak activity. Its campaigns consistently feature ideological messaging, inflated or misleading breach claims, and deliberate targeting of life‑critical sectors such as healthcare and energy.”

Handala also has a website that lists and doxes dozens of Israelis who allegedly work or used to work for the Israeli Defense Forces, as well as major local defense and surveillance contractors, such as Elbit Systems and NSO Group. 

Israeli cybersecurity firm Check Point wrote in a recent report that since the start of the war in Iran, Handala is “breaking into low-hanging systems, conducting hack-and-leak activity, and timing the publication of stolen material to maximize pressure.”

View Bio