Stryker Hacked, 50 Terabytes Gone: How A US Strike On A School In Iran Set Off A Global Cyberattack

(MENAFN- Live Mint) One of the world's largest medical device manufacturers has become the latest and most consequential target in what Iranian-linked cyber operatives are calling an escalating campaign against Western economic infrastructure. Stryker Corporation, a Michigan-based firm whose products reach more than 150 million patients annually across 61 countries, confirmed on Wednesday that it was "experiencing a global network disruption to our Microsoft environment as a result of a cyberattack", an incident that knocked out Windows-based laptops and mobile phones connected to its systems beginning shortly after midnight on the US East Coast.

Also Read | Iranian drone strike in Kuwait injures dozens of US troops, report says

Calls to the company's headquarters in Portage, Michigan were met with a recorded message stating the company was dealing with“a building emergency”, reported Al Jazeera.

Who Is Behind the Cyber Attack on Stryker - and Why

Responsibility for the major cyberattack on Stryker has been claimed by Handala, a hacking persona with documented ties to Tehran, which stated it carried out the intrusion in direct retaliation for a strike on a school in Minab, a city in southern Iran, in which more than 170 people were killed, the majority of them schoolgirls, on the first day of the US-Israeli military campaign against Iran.

The group has framed the attack as proportionate retribution, declaring that the stolen data is "now in the hands of the free people of the world."

Handala described the incident as“the beginning of a new chapter in cyber warfare.”

Also Read | Iran Says Truce Depends on US, Israel Pledging No Future Strikes

The school strike has drawn international scrutiny. An investigation by Al Jazeera's Digital Investigations Unit, using satellite imagery analysis, found the site was possibly deliberately targeted. Six senior Democratic senators in the United States have since called for a formal investigation, stating in a joint declaration that they were "horrified" by the incident.

Scale of the Iranian Breach

The group claims to have exfiltrated 50 terabytes of Stryker's corporate data. Stryker, which reported revenues exceeding $25 billion in 2025 and manufactures everything from artificial joints and robotic surgery systems to hospital beds and surgical instruments, said it had found no evidence of ransomware or malware and believed the incident to be contained.

Also Read | US-Israel-Iran conflict: IEA to release 400 mn barrels of oil amid tensions

Staff reported, however, that Handala's logo had appeared on company login pages, a visible marker of the intrusion.

The FBI and the Department of Homeland Security's cybersecurity agency did not respond to requests for comment.

Handala simultaneously claimed an attack on payments company Verifone, which denied experiencing any service disruption.

A Broader Iranian Cyber Offensive

The Stryker attack does not appear to be an isolated incident. Iran's Islamic Revolutionary Guard Corps this week issued warnings designating US and Israeli-linked "economic centres and banks" across the region as legitimate targets.

State-affiliated Iranian media published a list of prominent US technology firms, among them Google, Microsoft, and Nvidia, characterising their regional infrastructure as“Iran's new targets.”

Also Read | Middle East conflict: Oil prices to hit $200 a barrel, warns Iran

An Iranian security source, speaking to Al Jazeera's Tohid Asadi, suggested the conflict was entering "a new phase," hinting that a key regional waterway could face restrictions akin to those previously threatened by Tehran regarding the Strait of Hormuz - though declining to provide further detail.

MENAFN11032026007365015876ID1110849912