A hacker group linked to Iran says it broke into the servers of US medical technology giant Stryker, causing outages around the world. As of Wednesday morning, many of Stryker’s global systems are down, and some login pages display the hacker group’s logo.
The hacktivist group known as Handala claimed responsibility for the attack in a message posted to an X account that is supposed to belong to the group. The hackers wrote that they attacked the Stryker “in retaliation for the brutal attack on the Minab school and in response to the ongoing cyber attacks against the infrastructure” of Iran and its allies. The hackers were referring to the Minab Girls’ School in Tehran, which the US military reportedly bombed in his recent attacks in Iran, killing more than 175 people, most of them children.
Stryker, which makes medical devices and technology for hospitals, does not appear to be directly linked to the recent attacks in Iran, although it has operations in Israel and secured last year $450 million contract from the Department of Defense to supply medical devices to the US military.
“In this operation, over 200,000 systems, servers and mobile devices have been shut down and 50 terabytes of critical data has been extracted. Stryker offices in 79 countries were forced to close,” the hackers wrote.
The hackers’ claims appear to be at least partially credible. According to The Wall Street Journalsome Stryker systems around the world have been shut down and others display the hacker group’s logo on their login pages.
“Stryker is experiencing a global network outage in our Microsoft environment as a result of a cyberattack. We have no indication of ransomware or malware and believe the incident is contained,” a Stryker spokesperson told TechCrunch. “Our teams are actively working to restore systems and operations as quickly as possible. Stryker has taken business continuity measures and we are committed to continuing to serve our customers.”
“Stryker is currently experiencing a severe, global outage in the Windows environment affecting both client devices and servers,” reads a notice sent to employees, according to the WSJ. “The issue is widespread and significantly impacts users’ ability to access systems and services.”
Techcrunch event
San Francisco, California
|
13-15 October 2026
The company did not immediately respond to TechCrunch’s request for comment. The US Cybersecurity and Infrastructure Security Agency, which responds to cyberattacks, did not respond to a request for comment.
According to IBM X-Force ExchangeHandala emerged after Hamas attacked Israel on October 7 and has targeted Israeli civilian infrastructure, Gulf energy companies and Western organizations. “Its activities are focused on creating disruptive and psychological effects,” the company wrote to the exchange, which monitors threat groups. “Handala uses a broad and evolving toolbox, including phishing, custom wiper malware, ransomware-style extortion, data theft, and hack-and-leak activity. Its campaigns consistently feature ideological messaging, inflated or misleading claims of breach, and deliberate targeting of health and healthcare.”
Handala also has a website that lists and records dozens of Israelis who allegedly work or have worked for the Israel Defense Forces, as well as major local defense and surveillance contractors such as Elbit Systems and NSO Group.
Israeli cybersecurity company Check Point he wrote in a recent report that since the start of the war in Iran, Handala has been “infiltrating low-level systems, conducting hack-and-leak activity, and synchronizing the publication of stolen material to maximize pressure.”
