Digital Warfare: How Iranian Hackers Crippled a Multinational Corporation

By Thomas | Published on March 12, 2026


Stryker Corporation, a multinational medical technology manufacturer and one of the largest companies in the sector, has been temporarily crippled following a major cyberattack that disrupted systems associated with the company and its staff. The attack has been attributed to the Handala hacktivist group, a pro-Palestinian collective reportedly based in Iran. Early reports indicate that the intrusion was politically motivated, likely linked to ongoing geopolitical tensions, as there were no monetary or ransom demands.

About Stryker & Handala

As mentioned, Stryker Corporation is a multinational giant that manufactures medical equipment, mainly for advanced surgeries and neurotechnologies. In its 85 years of existence, the company has grown to bring in billions in revenue and employ over 50,000 people in over 75 countries.

The Handala hacktivist group, on the other hand, is a pro-Palestinian collective reportedly based in Iran that first emerged in 2023. The group employs all sorts of tactics, but mainly aims to cause financial and reputational damage to companies rather than profit from attacks. Before striking Stryker, the group was targeting Israeli companies, government agencies, and politicians.

A Massive Attack Vector

The attackers targeted a crucial piece of infrastructure when going after Stryker: a platform known as Microsoft Intune. Microsoft Intune is a highly invasive management system that centralizes control over all desktops, laptops, and phones within an organization. It allows companies to push updates, install applications remotely, and even perform full factory resets on devices. The platform supports Android, iOS, macOS, and Windows. Employees are usually forced to enroll their devices, especially those used for company activities. While many employees use dedicated work phones, others enroll their personal devices as well.

Given this level of control, it is easy to see how massive the attack vector becomes if the system is compromised. It is unclear exactly how Handala managed to breach this platform, but it was likely through phishing or another form of social engineering. Once inside, Handala had complete control. In theory, they could have pushed malicious applications or carried out more complex campaigns for profit. Instead, they wiped every device enrolled in the company’s Intune network. About 200,000 devices were completely erased, bringing the company to a standstill. In addition to wiping all of these systems, the attackers managed to extract about 50 terabytes of data.

The Aftermath

It’s been a while since an attack of this scale, and Stryker has clearly felt the impact. Company offices around the world were closed, and employees are unable to use their devices. The company portal was also defaced, with Iranian flags placed across it. Stryker now faces the task of recovering roughly 200,000 devices while simultaneously investigating the full extent of the damage. The attackers reportedly extracted about 50 terabytes of data. While that is a massive amount, it remains unclear whether the data came from employee devices or core company infrastructure. Beyond the immediate disruption, the contents of that 50TB could create serious long-term consequences depending on what was taken.

Although some systems have already been restored, operations remain heavily disrupted, and significant work still lies ahead. Some IT experts suggest it could take months for the company to fully recover and secure its infrastructure. Stryker is currently working with law enforcement, and given the timing and nature of the attack, it is likely that the investigation will be treated as a national security matter in the United States.
