Breaking: Handala Hacktivists Say 200,000+ Systems Wiped
A hacktivist group tied to Iran's intelligence apparatus has claimed responsibility for a mass data-wiping attack on Stryker, a $25 billion medical technology firm. The group, known as Handala, alleged on Telegram that it erased data from more than 200,000 systems, servers, and mobile devices across 79 countries, forcing Stryker's global offices to shut down. Stryker's Michigan headquarters has a voicemail message stating a "building emergency," and reports from Ireland indicate over 5,000 employees were sent home.
"All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption," the Handala statement reads. The group explicitly framed the attack as retaliation for a Feb. 28 Tomahawk missile strike on an Iranian school that killed at least 175 people, mostly children – an attack The New York Times reports the U.S. military has determined it was responsible for.
Stryker, based in Kalamazoo, Michigan, employs 56,000 people in 61 countries. Its Irish hub in Cork, the largest outside the U.S., was heavily affected. An unnamed employee told the Irish Examiner: "Anything connected to the network is down. Anyone with Microsoft Outlook on their personal phones had their devices wiped." The publication noted that login screens on Stryker devices displayed the Handala logo.
Background
Handala, also tracked as the Handala Hack Team, surfaced in late 2023. Cybersecurity firm Palo Alto Networks links the group to Iran's Ministry of Intelligence and Security (MOIS). Palo Alto assesses Handala as one of several online personas operated by Void Manticore, a MOIS-affiliated threat actor. Wiper attacks are designed to irreversibly destroy data, often as a form of digital sabotage.
This incident is the latest in a series of cyber operations tied to Iran's hacktivist proxies, which have increasingly targeted critical infrastructure and corporations. Stryker's heavy reliance on digital systems for medical device manufacturing and patient data storage makes such an attack particularly disruptive. Reports indicate that Stryker staff are now using WhatsApp to communicate about when they can return to work, underscoring the extensive network paralysis.
What This Means
For the medical technology sector, this attack signals a dangerous escalation. Stryker's global operations span manufacturing, surgical equipment, and patient monitoring systems – any disruption can directly impact hospital supply chains and patient care. The group's claimed ability to wipe over 200,000 endpoints suggests a sophisticated, coordinated intrusion that likely involved deep network access or compromised credentials.
Geopolitically, Handala's stated motive – revenge for a U.S. airstrike on an Iranian school – highlights how regional conflicts are spilling into cyberspace against civilian targets. The attack also raises urgent questions about supply chain security, as Stryker's systems may have been accessed through third-party vendors or remote management tools. Affected hospitals and clinics should urgently verify their own system integrity and prepare for potential data recovery difficulties.
Stryker has not yet issued an official statement confirming the extent of the damage. However, the company's building emergency message and the mass employee dismissal in Ireland signal an enterprise-level crisis. As investigations proceed, this attack may become a benchmark for wiper attacks against medical infrastructure, prompting stricter regulations across the healthcare IT ecosystem.