Iranian Hackers Attack U.S. Company Stryker in Escalation of Cyber War
<p>Operations at Stryker, a U.S.-based global medical technology company, were hobbled after a massive cyberattack on its Microsoft environment reportedly wiped devices running Windows, an incident for which an Iranian threat group claimed responsibility.</p><p>Handala, linked to Iran’s Revolutionary Guard Corps (IRGC), in a message on Telegram, said that Stryker offices in at least 79 countries were hit March 11 by the nation-state threat group, which claimed to have erased data from more than 200,000 systems, including servers and mobile devices, according to a <a href="https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/" target="_blank" rel="noopener">report from KrebsOnSecurity</a>.</p><p>The hackers also claimed to have extracted 50 TB of data. Flashpoint security researchers provided screenshots of internal Stryker management systems as verification of the attack.</p><p>In the message captured by the security news site, Handala states the cyberattack was in retaliation for the February 28 Tomahawk missile strike on an elementary school in Tehran that killed at least 175 people – most of them children – on the first day of bombing by U.S. and Israeli forces in a war that is now in its second week.</p><p><a href="https://www.nytimes.com/2026/03/11/us/politics/iran-school-missile-strike.html" target="_blank" rel="noopener">According to the New York Times</a>, an investigation by the military preliminarily found that the U.S. 
forces were responsible for the air strike.</p><h3>The Cyberwar Field Expands</h3><p>If Handala’s claim is true, the attack on Stryker would represent a significant escalation in a <a href="https://unit42.paloaltonetworks.com/iranian-cyberattacks-2026/" target="_blank" rel="noopener">parallel cyberwar</a> that has seen known Iranian nation-state groups target organizations and critical infrastructure not only in the United States and Israel but also in other countries in the Middle East.</p><p>At the same time, threat intelligence <a href="https://www.cloudsek.com/blog/ai-the-iran-us-conflict-and-the-threat-to-us-critical-infrastructure" target="_blank" rel="noopener">researchers from CloudSEK</a> and other vendors said that within hours of the initial air strikes, more than 60 pro-Iran hacktivist groups unconnected to the Iranian government <a href="https://securityboulevard.com/2026/03/pro-iranian-hacktivists-join-nation-state-groups-in-targeting-u-s-israel-others/" target="_blank" rel="noopener">mobilized on Telegram</a>, with some coming into the fold through a recruitment effort by Iranian threat groups. Threat groups from other countries, such as Russia, have also joined the fight.</p><h3>Iran Names U.S. Tech Giants as Targets</h3><p>The cyber warfare is likely to ramp up in the coming days, according to Flashpoint. The security firm noted that the IRGC has named several U.S. tech companies as targets because of their ties to Israel or cloud services. Among those listed are Amazon Web Services, Google, Microsoft, IBM, Oracle, NVIDIA and Palantir. Also on the Iranian list are regional banking centers linked to the United States and Iran.</p><p>“The conflict has shifted from a purely military engagement to a total economic and technological war,” Flashpoint analysts wrote. 
“Over the next 48–72 hours, expect continued cyber probes against the named ‘Tasnim List’ tech companies.”</p><h3>‘Global Network Disruption’</h3><p>Officials with Stryker said in a <a href="https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html" target="_blank" rel="noopener">statement to customers</a> on its website that the company “is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained.”</p><p>In a <a href="https://d18rn0p25nwr6d.cloudfront.net/CIK-0000310764/7fd1068c-1cef-4fd3-8a20-8c086e15da56.pdf" target="_blank" rel="noopener">filing with the U.S. Securities and Exchange Commission</a>, the company said that once the intrusion was detected, it activated its response plan and launched an investigation that included internal teams as well as outside advisers and cybersecurity experts.</p><p>“The incident has caused, and is expected to continue to cause, disruptions and limitations of access to certain of the Company’s information systems and business applications supporting aspects of the Company’s operations and corporate functions,” Stryker told the SEC. 
“While the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known.”</p><h3>Customer, Partner Support Continues</h3><p>There are continuity measures that will allow Stryker – which says it has about 56,000 employees in 61 countries and in January reported $25.1 billion in net sales in 2025 – to continue to support customers and partners.</p><p>The <a href="https://www.fox17online.com/news/local-news/kzoo-bc/kalamazoo/stryker-headquarters-in-portage-closes-amid-reported-cyber-attack-affecting-global-systems" target="_blank" rel="noopener">Fox17 news station</a> in Michigan reported that Stryker’s Portage headquarters were closed and that a sign on the front door urged employees to stay off the company’s network and not to use their computers or connect their phones to the WiFi network. The sign also told employees to remove the Stryker Management profile from their work phones.</p><h3>‘A Wake-up Call’ for CISOs</h3><p>David Lindner, CISO and data privacy officer at Contrast Security, said the attack on Stryker “should be a wake-up call for every CISO in critical manufacturing. Handala, an Iranian-linked group, didn’t encrypt files and ask for Bitcoin. They wiped them. That distinction matters enormously. Wiper malware is a weapon, not a business model.”</p><p>Lindner pointed to about 5,500 employees simultaneously locked out across Ireland, the United States, Australia, and India, and to manufacturing systems for orthopedic implants being offline, as evidence that this was more than an IT incident.</p><p>“It was a coordinated act of sabotage,” he said, noting the IRGC’s listing of tech companies and other businesses as targets. “Stryker, with deep US ties and operations in Israel-adjacent markets, fits that targeting profile perfectly. The medical device industry has spent a decade treating cybersecurity as a compliance checkbox. The IRGC just published a target list. 
Those two facts don’t coexist quietly for much longer.”</p><h3>Attack is Part of a Larger Trend</h3><p>RunSafe Security founder and CEO Joseph M. Saunders said that regardless of whether the attack on Stryker was the work of a nation-state actor or hacktivist group, it represents a broader global trend.</p><p>“Cyber operations are increasingly being used as instruments of geopolitical pressure and retaliation,” Saunders said. “When attacks disrupt major technology or healthcare companies, the impact extends beyond a single organization and becomes an economic and national security issue.”</p><p>Private industry and government agencies need to work together to make critical infrastructure and services more resilient so they can’t be disrupted during periods of geopolitical tension, he said.</p>