Iran Linked Hackers Claim Major Cyberattack On US Medical Giant Stryker

An Iran linked hacking group has claimed responsibility for a cyberattack on US medical technology company Stryker Corporation, alleging it extracted 50 terabytes of data in retaliation for military strikes on Iran.

The group, identified as Handala, made the claim on Wednesday and described the operation as a major cyber action.

"Our major cyber operation has been executed with complete success," Handala said in a statement.

The group said the attack was carried out in response to what it called "the brutal attack on the Minab school" in Iran, where authorities reported that more than 150 people were killed. It also cited "ongoing cyber assaults against the infrastructure of the Axis of Resistance," referring to a loose alliance of armed groups backed by Tehran.

Handala said all extracted data was "now in the hands of the free people of the world."

It also issued a warning to what it described as "Zionist leaders and their lobbies," adding: "This is only the beginning of a new chapter in cyber warfare."

Stryker confirmed it is facing a network disruption. The company said it was "experiencing a global network disruption to our Microsoft environment as a result of a cyberattack. We have no indication of ransomware or malware and believe the incident is contained."

Handala, named after a figure symbolic of the Palestinian people, has claimed a number of cyberattacks on Israeli and Gulf region companies in recent weeks.

Since the beginning of the Iran war, the group has repeatedly claimed responsibility for attacks targeting Israeli infrastructure. It has also asserted that it has "full access" to security cameras in Jerusalem.

"They are the most notorious group affiliated with the Iranian regime," Gil Messing, head of cyber intelligence at Check Point Software Technologies, said while referring to Handala. "We have been tracking them for years."

A report by Google Threat Intelligence earlier this year said the group’s activity has largely involved hack and leak operations. It added that the group has increasingly used doxxing and tactics aimed at creating fear, uncertainty and doubt.

Founded in Kalamazoo, Michigan, United States, Stryker is a major global medical device manufacturer with around 56,000 employees and reported revenue of about 25 billion dollars in 2025. The company produces a wide range of medical products including orthopedic implants, surgical instruments, hospital beds and robotic surgery systems.

The disruption reportedly began shortly after 0400 GMT on Wednesday, according to a report by The Wall Street Journal citing people familiar with the matter.

The report said Windows devices including laptops and mobile phones connected to Stryker’s networks were remotely wiped.

Handala later claimed it had also targeted payment technology company Verifone.

Verifone said it is aware of claims made by threat actors regarding its systems in Israel. The company said it monitors its operations closely and found no evidence of any breach.

"Verifone has found no evidence of any incident related to this claim and has no service disruption to our clients," the company said.