- Iran-linked group Handala claimed cyberattack on US medical firm Stryker, stealing 50TB data
- Attack cited as retaliation for Minab school strike and assaults on Axis of Resistance allies
- Stryker reported global network disruption but no ransomware or malware detected, incident contained
An Iran-linked hacking group claimed responsibility Wednesday for a cyberattack on US medical technology giant Stryker, saying it had extracted 50 terabytes of data in retaliation for military strikes on Iran.
"Our major cyber operation has been executed with complete success," Handala said in a statement.
It described the hack as retribution for what it called "the brutal attack on the Minab school" in Iran, where authorities said more than 150 people were killed, and for "ongoing cyber assaults against the infrastructure of the Axis of Resistance," referring to a loose alliance of armed groups backed by Tehran.
Handala said all extracted data was "now in the hands of the free people of the world."
It issued a warning to what it described as "Zionist leaders and their lobbies," adding: "This is only the beginning of a new chapter in cyber warfare."
Stryker said in a statement it was "experiencing a global network disruption to our Microsoft environment as a result of a cyberattack. We have no indication of ransomware or malware and believe the incident is contained."
Handala, named after a figure symbolic of the Palestinian people, has claimed a series of attacks on Israeli and Gulf-region companies in recent weeks.
Since the beginning of the Iran war, it has repeatedly claimed responsibility for attacks against Israeli infrastructure, notably asserting that it has "full access" to Jerusalem's security cameras.
"They are the most notorious group affiliated with the Iranian regime," Gil Messing, head of cyber intelligence at Israel-based Check Point, said of Handala. "We have been tracking them for years."
A Google Threat Intelligence report published earlier this year said malicious activity by the group "has primarily consisted of hack-and-leak operations, but has increasingly incorporated doxxing and tactics designed to promote fear, uncertainty and doubt."
Founded in Kalamazoo, Michigan, Stryker is a global medical device giant with some 56,000 employees and $25 billion in 2025 revenues, making everything from orthopedic implants and surgical instruments to hospital beds and robotic surgery systems.
The outages began shortly after 0400 GMT on Wednesday, The Wall Street Journal reported, citing people familiar with the matter.
Windows devices -- including laptops and mobile phones connected to Stryker's networks -- were remotely wiped, the report said.
The Handala group later posted that it had also carried out an attack on Verifone, which specializes in electronic and point-of-sale payments.
Verifone told AFP that it closely monitors its operations worldwide and is aware of "threat actors" claiming to have its systems in Israel.
"Verifone has found no evidence of any incident related to this claim and has no service disruption to our clients," the company said.
(Except for the headline, this story has not been edited by NDTV staff and is published from a syndicated feed.)
Track Latest News Live on NDTV.com and get news updates from India and around the world
