Leading medical technology company Stryker has been hit by a wiper malware attack claimed by Handala, an Iranian-linked and pro-Palestinian hacktivist group.
The medtech giant manufactures a range of products, including surgical and neurotechnology equipment. With over 53,000 employees, Stryker is a Fortune 500 company that reported global sales of $22.6 billion in 2024.
Handala says they stole 50 terabytes of data before wiping tens of thousands of systems and servers across the company’s network, forcing Stryker to shut down in “an unprecedented blow.”
“In this operation, over 200,000 systems, servers, and mobile devices have been wiped and 50 terabytes of critical data have been extracted,” the attackers said. “Stryker’s offices in 79 countries have been forced to shut down.”
This aligns with reports from people claiming to be Stryker employees from the United States, Ireland, Costa Rica, and Australia, who said their managed Windows and mobile devices were remotely wiped in the middle of the night. The attackers have also defaced the company’s Entra login page to display a Handala logo.
A Stryker employee told BleepingComputer the incident began early Wednesday morning, when devices enrolled in the company’s mobile device management system were remotely wiped. The employee said colleagues who had personal phones enrolled for work access also lost data after their devices were reset.
Staff were instructed to remove corporate management and applications from their personal devices, including the Intune Company Portal, Teams, and VPN clients.
Numerous employees also report that the attack disrupted access to internal services and applications, forcing some locations to revert to “pen and paper” workflows after systems became unavailable.
As a result of the attack, Stryker is now working to restore their systems amid a global outage, as first reported by The Wall Street Journal.
“We are experiencing a severe, global disruption impacting all Stryker laptops and systems that connect to our network,” Stryker told employees in Cork, Ireland, according to local media.
“At this time, the root cause has not yet been identified. We are actively engaged with Microsoft and treating this a critical, enterprise-wide incident,” the company also told employees in Asia.
Handala (also known as Handala Hack Team, Hatef, Hamsa) first surfaced in December 2025 as a hacktivist operation linked to Iran’s Ministry of Intelligence and Security (MOIS) that targets Israeli organizations with destructive malware designed to wipe Windows and Linux devices.
They are also known for stealing sensitive data from victims’ compromised systems and publishing it on the group’s data leak portals.
BleepingComputer reached out to a Stryker spokesperson with questions about the incident, but a response was not immediately available.
Red Report 2026: Why Ransomware Encryption Dropped 38%
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Related Articles:
Amazon: Drone strikes damaged AWS data centers in Middle East
UK warns of Iranian cyberattack risks amid Middle-East conflict
Medical device maker UFP Technologies warns of data stolen in cyberattack
Android mental health apps with 14.7M installs filled with security flaws
Exposed MongoDB instances still targeted in data extortion attacks