A global cyberattack linked to Iran-based hackers wiped over 200,000 Stryker devices across 79 countries. Investigators say attackers exploited administrative access, disrupting operations and raising concerns over identity-based attacks and enterprise security vulnerabilities.

‘Stryker Under Siege’: Iran-Linked Hackers Wipe 200,000 Devices in Global Cyberattack

The420 Web Desk

Seattle, Washington: In one of the most significant cyberattacks targeting a U.S. company in recent years, Stryker Corporation faced a massive global disruption when an Iran-linked hacker group reportedly wiped over 200,000 devices across its network. Cybersecurity experts have attributed the March 11 attack to the group Handala, which used Stryker’s own internal systems to execute the assault, raising serious concerns about enterprise security preparedness.

According to investigators, the attackers targeted administrator-level accounts and used them to issue remote wipe commands to devices spanning 79 countries. The compromised devices included laptops, smartphones, and servers, severely affecting Stryker’s internal workflows, ordering, and shipping operations. Experts describe the attack as a “living off the land” operation, in which the hackers leveraged legitimate internal tools instead of malware or ransomware, effectively turning Stryker’s own systems against the company.

“This is a five-alarm fire,” said Chris Krebs. “It’s a wake-up call for every organization. Companies must assume that no system is immune and rehearse responses to catastrophic events.”

Employees were reportedly instructed to immediately disconnect devices, though some reported their systems being wiped in real time. The group also claimed to have stolen approximately 50 terabytes of corporate data prior to the attack, although this claim has not been independently verified. Investigators suspect compromised credentials, potentially obtained through phishing or identity-based attacks, allowed Handala access to high-level administrative controls.

Experts noted that certain system misconfigurations or vulnerabilities may have enabled the attack, though the breach primarily exploited administrative access. Organizations across industries, particularly healthcare and higher education sectors, are closely monitoring the situation due to the heightened risk of cyber threats in these domains.

Despite the scale of the attack, Stryker confirmed that its connected medical devices—including
