Iran-Linked Hackers Wipe 200,000 Stryker Devices in Retaliatory Cyberattack

Iran-linked hacktivist group Handala has claimed responsibility for a massive cyberattack on Stryker, the $20 billion U.S. medical technology giant. The group says it wiped over 200,000 systems, servers, and mobile devices, extracted 50 terabytes of data, and forced Stryker offices in 79 countries to shut down. Stryker has confirmed a “global network disruption” but insists the incident is contained. Given the scale of the damage, that’s a generous characterization.

What Happened

Handala posted its claim on X, stating the attack was “in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure” of Iran and its allies. The group was referring to the U.S. military’s recent bombing of a girls’ school in Tehran that killed more than 175 people, most of them children.

According to The Wall Street Journal, many of Stryker’s global systems have been wiped, and some login pages now display the Handala logo instead of normal interfaces. Internal notices warned employees of a “severe, global disruption across the Windows environment impacting both client devices and servers.”

Why Stryker?

Stryker makes medical devices and technology for hospitals — not an obvious military target. But the company has operations in Israel and secured a $450 million contract from the Department of Defense last year to supply medical devices to the U.S. military. For a group looking to strike at American defense infrastructure, that contract made Stryker a target.

This is a textbook example of how defense supply chains create unexpected attack surfaces. Companies that do business with the Pentagon become geopolitical targets, even when their primary business is making surgical equipment.

Who Is Handala?

According to IBM X-Force Exchange, Handala emerged after Hamas’ October 7 attack on Israel and has since targeted Israeli civilian infrastructure, Gulf energy companies, and Western organizations. The group uses a broad toolkit: phishing, custom wiper malware, ransomware-style extortion, data theft, and hack-and-leak operations.

The key detail here is the wiper malware. This wasn’t a ransomware attack where hackers encrypt your data and demand payment. Wipers are designed purely to destroy — no negotiation, no decryption key, just damage. That’s consistent with a politically motivated attack rather than a financially motivated one.

Stryker’s Response

A Stryker spokesperson told TechCrunch: “We have no indication of ransomware or malware and believe the incident is contained. Our teams are actively working to restore systems and operations as quickly as possible.”

The “no indication of ransomware” line is technically accurate but misleading — this was a wiper attack, which is worse than ransomware because there’s nothing to negotiate. And “contained” is doing a lot of heavy lifting when 200,000 devices across 79 countries have allegedly been wiped.

The Bottom Line

A hacktivist group just demonstrated that medical technology companies with Pentagon contracts are fair game in geopolitical conflicts. Handala’s attack on Stryker is one of the largest wiper attacks against a U.S. company in recent memory. The 200,000 device figure may be inflated — hacktivist groups routinely exaggerate their impact — but Stryker’s own internal communications confirm the disruption is “severe” and “global.” As the U.S.-Iran conflict continues to escalate, expect more companies in the defense supply chain to find themselves in the crosshairs.