Handala Hack Wipes Stryker's Global Microsoft Network in Iran-Linked Retaliation Attack
Stryker, a major multinational medical device manufacturer, confirmed a cyberattack on Wednesday, March 12 that took down its global Microsoft environment, with the Iran-aligned Handala Hack group claiming responsibility via Telegram as a retaliatory strike. The attack is believed to have leveraged Microsoft Intune to remotely wipe employee phones and computers across the network rather than deploying traditional malware, leaving Stryker with no timeline for full recovery. Lifepak, Lifenet, and Mako surgical devices were reported as unaffected, but the incident underscores the risk of enterprise MDM platforms becoming attack vectors in geopolitically motivated wiper campaigns.
Key Takeaways
- Stryker filed an SEC disclosure confirming "global network disruption to our Microsoft environment"; recovery timeline unknown as of March 13
- Handala Hack (aka Void Manticore, linked to Iran's Ministry of Intelligence and Security) reportedly abused Microsoft Intune MDM to mass-wipe Windows devices
- Lifepak AEDs, Lifenet patient data platform, and Mako robotic surgery systems confirmed operational; internal IT environment remains offline
Original source: Ars Technica