Stryker Medical Devices Hit by Handala Hack Wiper Attack; Network Disruption Ongoing
Iran-linked hacking group Handala Hack, aligned with Iran's Ministry of Intelligence, executed a destructive wiper attack on medical device manufacturer Stryker on March 12. The attack disrupted Stryker's Microsoft environment, wiping Windows systems globally. Attackers likely accessed the company via Microsoft Intune administrative tools through a compromised access broker account, with no indication of traditional malware involved.
Key Takeaways
- Handala Hack claimed responsibility via Telegram, citing retaliation for U.S./Israeli airstrikes that killed 165 civilians at an Iranian school
- Attack wiped devices via Intune (Microsoft's remote management tool); no malware or ransomware payload detected
- Stryker's LifePak, LifeNet, and Mako medical devices functioning normally; broader network recovery timeline unknown
Original source: Ars Technica