Iran-Backed Hacktivist Handala Claims Wiper Attack Shutting Down Stryker Operations in 79 Countries
What Happened — The Iran‑linked hacktivist group Handala announced a destructive wiper campaign that erased data on more than 200,000 systems, servers and mobile devices belonging to Stryker, a global medical‑technology manufacturer. The attack forced the closure of Stryker sites in 79 countries and sent thousands of employees home.
Why It Matters for TPRM —
- Operational shutdown of a critical medical‑device supplier can delay patient care and product delivery.
- Wiper malware demonstrates the risk of state‑aligned hacktivist activity targeting supply‑chain partners.
- Lack of resilient backup and recovery controls can amplify business impact.
Who Is Affected — Healthcare‑technology manufacturers, medical‑device OEMs, and any downstream hospitals or clinics that rely on Stryker products.
Recommended Actions — Review Stryker’s incident‑response and backup capabilities, verify continuity‑of‑operations plans, and assess alternative suppliers for critical devices.
Technical Notes — The attack leveraged a custom wiper payload delivered via compromised credentials and possibly phishing, overwriting data and defacing login screens with the Handala logo. No public CVE is associated. Source: Krebs on Security