Stryker reports that it is restoring systems after pro-Iran hackers wiped thousands of employee devices.

Stryker, a leader in medical technology, announced that it is working on recovering its computers and internal systems after a cyber incident allegedly enabled pro-Iranian hackers to remotely erase the data on thousands of employee devices.

This breach, which has caused significant interruptions to the company’s operations, is believed to be the first significant cyber offensive in the U.S. linked to the Trump administration’s military actions in Iran.

In a recent update, Stryker reported that the cyberattack on March 11 was confined to its internal Microsoft network, assuring that its internet-connected medical devices are “secure for use.”

While the exact cause of the incident remains under scrutiny, the medical technology manufacturer stated there is no evidence of ransomware or malware. However, Stryker noted that its operations for processing orders, manufacturing, and shipping devices are still facing disruptions.

The pro-Iranian hacking collective known as Handala has claimed responsibility for the damaging breach, asserting their actions were in retaliation for a U.S. air strike on an Iranian school that resulted in the deaths of at least 175 individuals, primarily children. They also altered the company’s login pages, replacing them with their own emblem.

As reported by Bleeping Computer, the Handala group may have infiltrated the network using an internal Stryker administrator account, which afforded them extensive access to the company’s Windows environment. The hackers reportedly gained entry to Stryker’s Microsoft Intune dashboards, which facilitate the remote management of employee laptops and mobile devices, including the capability to delete data if a device is misplaced or stolen.

Compromising the Intune dashboards would enable attackers to remotely erase data from employee phones and laptops, including personal devices, without the need for malware.

Additionally, the Wall Street Journal confirmed that the hackers focused on Intune.

A representative from Stryker did not respond to inquiries regarding the breach, including whether the allegedly breached account had multi-factor authentication enabled.

It remains uncertain how the hackers first accessed Stryker’s network. Security experts at Palo Alto Networks suggested that the Handala hackers might have used phishing to compromise the network. IBM indicated that this Iran-aligned hacking group is known for phishing and for destructive attacks, particularly against the healthcare and energy sectors. Infostealer malware, which can harvest passwords and credentials, may also have played a role.

According to Reuters, Stryker employs approximately 56,000 individuals globally and operates in over 60 countries.
