Medical technology giant Stryker said it is in the process of restoring its computers and internal network after a cyberattack that allegedly allowed pro-Iranian hackers to remotely wipe tens of thousands of employee devices.
The hack, which has caused ongoing widespread disruption to the company’s operations, is believed to be the first major cyberattack on the United States in response to the Trump administration’s war on Iran.
Stryker said in an update over the weekend that the March 11 cyberattack was confined to the company’s internal Microsoft environment and that its Internet-connected medical products are “safe to use.”
While the cause of the breach is still under investigation, the medical device technology maker said it has seen no signs of ransomware or malware. Stryker said its ability to process orders, manufacture or ship devices continues to be disrupted.
A pro-Iranian hacker group called Handala claimed credit for the devastating breach, saying its hack was in response to a U.S. airstrike on an Iranian school that killed at least 175 people, mostly children. The hackers also defaced the company’s login pages with their own logo.
According to Bleeping Computer, the Handala hackers may have broken in using an internal Stryker administrator account that gave them almost unlimited access to the company’s Windows network. The hackers reportedly accessed the company’s Microsoft Intune dashboards, which allow remote management of employee laptops and mobile devices, such as wiping data if an employee’s device is lost or stolen.
A successful compromise of the company’s Intune dashboards would allow hackers to remotely wipe employee phones and laptops, including personal devices, without the use of malware.
The Wall Street Journal also reported that hackers targeted Intune.
A Stryker spokesman did not respond to a request for comment or questions about the breach, including whether the compromised account was protected with multi-factor authentication.
It’s unclear how the hackers gained access to Stryker’s network in the first place. Security researchers with Palo Alto Networks said the Handala hackers may have relied on phishing to breach Stryker’s network. IBM said the Iran-aligned hacking group is known for using phishing techniques and destructive attacks, including targeting the health care and energy sectors. Infostealer malware, which can steal a person’s passwords and credentials, may also be to blame.
Stryker has 56,000 employees worldwide and operates in more than 60 countries, according to Reuters.
