One of the world’s largest medical device manufacturers has become the latest and most consequential target in what Iranian-linked cyber operatives are calling an escalating campaign against Western economic infrastructure. Stryker Corporation, a Michigan-based firm whose products reach more than 150 million patients annually across 61 countries, confirmed on Wednesday that it was “experiencing a global network disruption to our Microsoft environment as a result of a cyberattack”, an incident that knocked out Windows-based laptops and mobile phones systems connected to its beginning shortly after midnight on the US East Coast.
Calls to the company’s headquarters in Portage, Michigan were met with a recorded message stating the company was dealing with “a building emergency”, reported Al Jazeera.
Who Is Behind the Cyber Attack on Stryker – and Why
Responsibility for the major cyberattack on Stryker has been claimed by Handala, a hacking persona with documented ties to Tehran, which stated it carried out the intrusion in direct retaliation for a strike on a school in Minab, a city in southern Iran, in which more than 170 people were killed, the majority of them schoolgirls, on the first day of the US-Israeli military campaign against Iran.
The group has framed the attack as proportionate retribution, declaring that the stolen data is “now in the hands of the free people of the world.”
Handala described the incident as “the beginning of a new chapter in cyber warfare.”
The school strike has drawn international scrutiny. An investigation by Al Jazeera’s Digital Investigations Unit, using satellite imagery analysis, found the site was possibly deliberately targeted. Six senior Democratic senators in the United States have since called for a formal investigation, stating in a joint declaration that they were “horrified” by the incident.
Scale of the Iranian Breach
The group claims to have exfiltrated 50 terabytes of Stryker’s corporate data. Stryker, which reported revenues exceeding $25 billion in 2025 and manufactures everything from artificial joints and robotic surgery systems to hospital beds and surgical instruments, said it had found no evidence of ransomware or malware and believed the incident to be contained.
Staff reported, however, that Handala’s logo had appeared on company login pages, a visible marker of the intrusion.
The FBI and the Department of Homeland Security’s cybersecurity agency did not respond to requests for comment.
Handala simultaneously claimed an attack on payments company Verifone, which denied experiencing any service disruption.
A Broader Iranian Cyber Offensive
The Stryker attack does not appear to be an isolated incident. Iran’s Islamic Revolutionary Guard Corps this week issued warnings designating US and Israeli-linked “economic centers and banks” across the region as legitimate targets.
State-affiliated Iranian media published a list of prominent US technology firms, among them Google, Microsoft, and Nvidia, characterizing their regional infrastructure as “Iran’s new targets.”
An Iranian security source, speaking to Al Jazeera‘s Tohid Asadi, suggested the conflict was entering “a new phase,” hinting that a key regional waterway could face restrictions akin to those previously threatened by Tehran regarding the Strait of Hormuz — though declining to provide further detail.
