Iran-Backed Handala Hackers Claim Wiper Attack on Stryker — 200,000 Systems Wiped, 5,000 Workers Sent Home
TechOverwatch Intelligence Asset
"The Iran-affiliated Handala hacktivist group claims a devastating wiper attack on medical technology giant Stryker. Over 200,000 systems, servers, and mobile devices reportedly wiped. Stryker's offices in 79 countries affected."
Iran-Backed Handala Wiper Attack on Stryker
TL;DR
The Full Story
Stryker Corporation, one of the world's largest medical device manufacturers with $25 billion in annual revenue and 56,000 employees across 61 countries, is dealing with what appears to be one of the most destructive wiper attacks in recent history.
The Attack
The Iranian hacktivist group Handala posted a lengthy manifesto to Telegram claiming they had wiped data from over 200,000 systems, servers, and mobile devices. Staff at Stryker's Cork, Ireland headquarters reported that "anything connected to the network is down." Employees were sent home and are communicating via WhatsApp.
Attribution: Handala and Void Manticore
Handala was profiled by Palo Alto Networks' Unit 42 as one of several online personas maintained by Void Manticore, a threat actor affiliated with Iran's Ministry of Intelligence and Security (MOIS).
So What? — Market Impact
For healthcare organizations: Medical technology companies are high-value targets for nation-state hackers. Wiper attacks are fundamentally different from ransomware — there's no decryption key, no negotiation. The goal is destruction, not profit.
For security teams: Organizations must prioritize offline backups, network segmentation, and endpoint detection for wiper malware signatures. Stryker's stock (SYK) dropped 4.2% in pre-market trading.
Sources
💡The "So What?" — Market Strategic Impact
200K systems wiped at a $25B medical device company. Demonstrates escalation in Iran's cyber retaliation doctrine from espionage to mass destruction.