Stryker Recovers From Data-Wiping Cyberattack

Summary
– Stryker Corporation is now fully operational three weeks after a cyberattack by the Iranian-linked Handala group wiped many of its systems.
– The attackers compromised a Windows domain admin account, created a new Global Administrator, and wiped nearly 80,000 devices after claiming to steal 50 terabytes of data.
– Following the attack, CISA and Microsoft released security guidance, and the FBI seized two websites used by the Handala hackers.
– Stryker’s investigation, aided by cybersecurity experts, found a malicious file used to hide the attackers’ activity within its network.
– The Handala group is an Iranian-linked, pro-Palestinian hacktivist operation known for targeting Israeli organizations with data-wiping malware and leaking stolen data.
Three weeks after a major cyberattack claimed by an Iranian-linked hacktivist group, Stryker Corporation has announced its global operations are now fully restored. The Fortune 500 medtech giant, which reported $22.6 billion in sales last year, saw nearly 80,000 devices wiped in the incident. The company has successfully brought its manufacturing, ordering, and distribution systems back online, moving production rapidly toward full capacity.
The attack began on March 11. The group known as Handala compromised a Windows domain admin account, used it to create a new account holding the Global Administrator role (the highest-privilege role in Microsoft Entra ID), and proceeded to wipe systems after claiming to have stolen 50 terabytes of data. In response to the breach, both CISA and Microsoft issued guidance on securing Intune and hardening Windows domains to prevent similar intrusions. The FBI also seized two websites used by the hackers.
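The pivotal step in the chain above (and in the summary) is a freshly created account being granted Global Administrator, which is the identity every later Intune action depended on. A practitioner reading this will want that exact event surfaced. The following detection is an added example, not code from the article, from Stryker or from Microsoft: it assumes the Microsoft Graph directoryAudit record shape (activityDisplayName, activityDateTime, initiatedBy, targetResources[].modifiedProperties, with Role.TemplateId carried as a JSON-encoded string), uses the well-known Global Administrator role template ID, and runs over constructed sample records whose tenant, accounts and timestamps are invented. It also correlates each grant against "Add user" events so that a grant to an account created shortly before, the pattern described here, is flagged separately from a grant to a long-standing break-glass account.

```python
"""Flag Entra ID audit events that grant Global Administrator, and mark new accounts.

Added example (not the article's or Microsoft's code). Assumes the Microsoft Graph
directoryAudit record shape and runs on constructed sample records below.
"""
import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Well-known Entra ID role template ID for Global Administrator (same in every tenant).
GLOBAL_ADMIN_TEMPLATE_ID = "62e90394-69f5-4237-9190-012177145e10"
# Role-grant activities as assumed here; the PIM "eligible" form is included because
# an eligible assignment can be activated later without a second grant event.
ROLE_GRANT_ACTIVITIES = {"Add member to role", "Add eligible member to role"}
# A target created within this window before its grant is treated as a new account.
NEW_ACCOUNT_WINDOW = timedelta(hours=24)


@dataclass
class Alert:
    when: datetime
    actor: str
    target: str
    activity: str
    target_is_new: bool


def _ts(value):
    # Graph emits RFC 3339 timestamps with a trailing Z; fromisoformat wants +00:00.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def _actor(record):
    init = record.get("initiatedBy", {})
    if init.get("user"):
        return init["user"].get("userPrincipalName") or init["user"].get("id", "?")
    if init.get("app"):
        return init["app"].get("displayName") or init["app"].get("appId", "?")
    return "?"


def _modified_value(target, name):
    """Return a modifiedProperties newValue; Graph serialises these as JSON strings."""
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") == name:
            raw = prop.get("newValue")
            try:
                return json.loads(raw) if raw is not None else None
            except json.JSONDecodeError:
                return raw
    return None


def find_global_admin_grants(records):
    """Return an Alert per successful Global Administrator grant to a user."""
    created = {}  # lower-cased UPN -> creation time, from successful "Add user" events
    for rec in records:
        if rec.get("activityDisplayName") == "Add user" and rec.get("result") == "success":
            for t in rec.get("targetResources", []):
                if t.get("userPrincipalName"):
                    created[t["userPrincipalName"].lower()] = _ts(rec["activityDateTime"])

    alerts = []
    for rec in records:
        if rec.get("activityDisplayName") not in ROLE_GRANT_ACTIVITIES:
            continue
        if rec.get("result") != "success":  # failed attempts are worth a separate rule
            continue
        when = _ts(rec["activityDateTime"])
        for t in rec.get("targetResources", []):
            if t.get("type") != "User":
                continue
            template = _modified_value(t, "Role.TemplateId")
            if not template or template.lower() != GLOBAL_ADMIN_TEMPLATE_ID:
                continue
            upn = t.get("userPrincipalName") or t.get("id", "?")
            born = created.get(upn.lower())
            is_new = born is not None and timedelta(0) <= when - born <= NEW_ACCOUNT_WINDOW
            alerts.append(Alert(when, _actor(rec), upn, rec["activityDisplayName"], is_new))
    return alerts


def _rec(ts, activity, actor_upn, target_upn, result="success", props=None):
    """Build a minimal directoryAudit-shaped record (constructed test data)."""
    return {
        "activityDateTime": ts, "activityDisplayName": activity, "result": result,
        "initiatedBy": {"user": {"userPrincipalName": actor_upn}},
        "targetResources": [{"type": "User", "userPrincipalName": target_upn,
                             "modifiedProperties": props or []}],
    }


def _role_props(name, template_id):
    return [{"displayName": "Role.DisplayName", "newValue": json.dumps(name)},
            {"displayName": "Role.TemplateId", "newValue": json.dumps(template_id)}]


# Constructed sample log: invented tenant, accounts and dates. The Helpdesk template
# ID below is a placeholder standing in for any non-GA role.
SAMPLE_RECORDS = [
    _rec("2024-01-15T01:02:00Z", "Add user", "da-sync@corp.example", "svc-backup2@corp.example"),
    _rec("2024-01-15T01:05:30Z", "Add member to role", "da-sync@corp.example", "svc-backup2@corp.example",
         props=_role_props("Global Administrator", GLOBAL_ADMIN_TEMPLATE_ID)),
    _rec("2024-01-14T09:00:00Z", "Add member to role", "itadmin@corp.example", "helpdesk1@corp.example",
         props=_role_props("Helpdesk Administrator", "11111111-1111-1111-1111-111111111111")),
    _rec("2024-01-15T01:06:00Z", "Add member to role", "da-sync@corp.example", "svc-backup3@corp.example",
         result="failure", props=_role_props("Global Administrator", GLOBAL_ADMIN_TEMPLATE_ID)),
    _rec("2023-12-01T12:00:00Z", "Add member to role", "ciso@corp.example", "breakglass@corp.example",
         props=_role_props("Global Administrator", GLOBAL_ADMIN_TEMPLATE_ID)),
]

if __name__ == "__main__":
    for a in find_global_admin_grants(SAMPLE_RECORDS):
        flag = "NEW ACCOUNT" if a.target_is_new else "existing account"
        print(f"{a.when.isoformat()} {a.actor} -> {a.target} via '{a.activity}' ({flag})")
```

On the constructed sample this yields two alerts: the grant to svc-backup2, created three minutes earlier and therefore flagged as a new account, and the older grant to the break-glass account, reported but not flagged. Matching on Role.TemplateId rather than the display name matters because the display name is localised and renameable; the failed grant is skipped here but is itself a useful signal for a separate rule.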
Stryker’s recovery efforts were swift and focused. By March 23, teams were prioritizing the restoration of systems critical for customer, ordering, and shipping operations. The company confirmed this week that its global manufacturing network is fully operational. Product supply remains healthy across most lines, ensuring the company can continue to meet customer demand and support patient care.
While initial assessments suggested no malicious tools were used, the investigation later uncovered a malicious file that helped the attackers conceal their activity within Stryker’s network. The company continues to work with third-party cybersecurity experts, government agencies, and industry partners around the clock. This collaboration reflects a shared commitment to protecting the broader healthcare ecosystem and supporting ongoing recovery.
The Handala hacktivist group, also known as Hatef or Hamsa, emerged in late 2023. It is an Iranian-linked, pro-Palestinian operation known for targeting Israeli organizations with data-wiping malware for both Windows and Linux systems. The group has been linked to Iran’s Ministry of Intelligence and Security and frequently leaks sensitive data stolen from compromised victim networks.
(Source: BleepingComputer)