Iran-Backed Handala Group Launches Wiper Attack on Stryker
Summary
Medical technology giant Stryker hit with data-wiping attack affecting 200,000+ systems across 79 countries using compromised credentials and Microsoft Intune.
Threat Analysis
The Iran-backed hacktivist group Handala (also known as Handala Hack Team) has claimed responsibility for a devastating data-wiping attack against Stryker, a global medical technology company. The attack allegedly forced the shutdown of Stryker offices in 79 countries and erased data from over 200,000 systems. Investigation reveals that the perpetrators likely used compromised credentials obtained via infostealer malware to access Stryker's Microsoft Intune instance, which they then abused to issue remote wipe commands against connected devices. The group stated the attack was retaliation for a missile strike in Iran. Palo Alto Networks links Handala to Iran's Ministry of Intelligence and Security (MOIS). This incident highlights the critical importance of credential security, multi-factor authentication, and mobile device management security. Healthcare and medical technology organizations should review their security postures and implement additional safeguards against credential theft and unauthorized access to management platforms.
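A defender-side check for the pattern described above, where one management account issues remote wipes against many devices in a short time. This is an added example, not part of the original report; the event schema, account names, window and threshold are assumptions and must be mapped to the audit log your device management platform actually produces.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit records. The field names are a simplified,
# hypothetical schema, not the export format of Intune or any MDM product.
BASE = datetime(2025, 1, 1, 3, 0, 0)
SAMPLE_EVENTS = [
    # Routine help-desk activity: two wipes, hours apart.
    {"time": BASE - timedelta(hours=5), "actor": "helpdesk@example.com",
     "action": "wipe", "device": "LT-0001"},
    {"time": BASE - timedelta(hours=1), "actor": "helpdesk@example.com",
     "action": "wipe", "device": "LT-0002"},
    {"time": BASE, "actor": "admin@example.com",
     "action": "sync", "device": "LT-0100"},
] + [
    # Burst: one account wipes 8 distinct devices, 30 seconds apart.
    {"time": BASE + timedelta(seconds=30 * i), "actor": "admin@example.com",
     "action": "wipe", "device": f"LT-{200 + i:04d}"}
    for i in range(8)
]

DESTRUCTIVE_ACTIONS = {"wipe"}  # extend with other destructive actions you log


def find_wipe_bursts(events, window_seconds=600, threshold=5):
    """Return one alert per actor, raised the first time that actor issues
    destructive actions against `threshold` or more distinct devices within
    a sliding window of `window_seconds`."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)  # actor -> (time, device) pairs inside window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        actor = ev["actor"]
        if ev["action"] not in DESTRUCTIVE_ACTIONS or actor in alerts:
            continue
        q = recent[actor]
        q.append((ev["time"], ev["device"]))
        while ev["time"] - q[0][0] > window:  # drop events older than window
            q.popleft()
        devices = {device for _, device in q}
        if len(devices) >= threshold:
            alerts[actor] = {"actor": actor, "first_seen": q[0][0],
                             "triggered_at": ev["time"],
                             "devices": sorted(devices)}
    return list(alerts.values())


if __name__ == "__main__":
    for alert in find_wipe_bursts(SAMPLE_EVENTS):
        print(alert["actor"], alert["triggered_at"], len(alert["devices"]))
```

Counting distinct devices rather than raw events keeps retries against a single device from triggering the alert, and the threshold should sit well above the volume of wipes normal operations produce.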