A hacktivist group with links to Iran’s intelligence agencies is claiming responsibility for a data-wiping attack against Stryker, a global medical technology company based in Michigan. News reports out of Ireland, Stryker’s largest hub outside of the United States, said the company sent home more than 5,000 workers there today. Meanwhile, a voicemail message at Stryker’s main U.S. headquarters says the company is currently experiencing a building emergency.
Based in Kalamazoo, Michigan, Stryker [NYSE:SYK] is a medical and surgical equipment maker that reported $25 billion in global sales last year. In a lengthy statement posted to Telegram, an Iranian hacktivist group known as Handala (a.k.a. Handala Hack Group) claimed that Stryker’s offices in 79 countries have been forced to shut down after the group erased data from more than 200,000 systems, servers and mobile devices.
A manifesto posted by the Iran-backed hacktivist group Handala, claiming a mass data-wiping attack against medical technology maker Stryker.
“All the acquired data is now in the hands of the free people of the world, ready to be used for the true advancement of humanity and the exposure of injustice and corruption,” a portion of the Handala statement reads.
The group said the wiper attack was in retaliation for a Feb. 28 missile strike that hit an Iranian school and killed at least 175 people, most of them children. The New York Times reports today that an ongoing military investigation has determined the United States is responsible for the deadly Tomahawk missile strike.
Handala was one of several Iran-linked hacker groups recently profiled by Palo Alto Networks, which links it to Iran’s Ministry of Intelligence and Security (MOIS). Palo Alto says Handala surfaced in late 2023 and is assessed as one of several online personas maintained by Void Manticore, a MOIS-affiliated actor.
Stryker’s website says the company has 56,000 employees in 61 countries. A phone call placed Wednesday morning to the media line at Stryker’s Michigan headquarters sent this author to a voicemail message that stated, “We are currently experiencing a building emergency. Please try your call again later.”
A report Wednesday morning from the Irish Examiner said Stryker employees are now communicating via WhatsApp for any updates on when they can return to work. The story quoted an unnamed employee saying anything connected to the network is down, and that “anyone with Microsoft Outlook on their personal phones had their devices wiped.”
“Multiple sources have said that systems in the Cork headquarters have been ‘shut down’ and that Stryker devices held by employees have been wiped out,” the Examiner reported. “The login pages coming up on these devices have been defaced with the Handala logo.”
Wiper attacks usually involve malicious software designed to overwrite any existing data on infected devices. But a trusted source with knowledge of the attack who spoke on condition of anonymity told KrebsOnSecurity the perpetrators in this case appear to have used a Microsoft service called Microsoft Intune to issue a ‘remote wipe’ command against all connected devices.
Intune is a cloud-based solution built for IT teams to enforce security and data compliance policies, and it provides a single, web-based administrative console to monitor and control devices regardless of location. The Intune connection is supported by this Reddit discussion on the Stryker outage, where multiple users who claimed to be Stryker employees said they were told to uninstall Intune urgently.
Palo Alto says Handala’s hack-and-leak activity is primarily focused on Israel, with occasional targeting outside that scope when it serves a specific agenda. The security firm said Handala also has taken credit for recent attacks against fuel systems in Jordan and an Israeli energy exploration company.
“Recent observed activities are opportunistic and ‘quick and dirty,’ with a noticeable focus on supply-chain footholds (e.g., IT/service providers) to reach downstream victims, followed by ‘proof’ posts to amplify credibility and intimidate targets,” Palo Alto researchers wrote.
The Handala manifesto posted to Telegram referred to Stryker as a “Zionist-rooted corporation,” which may be a reference to the company’s 2019 acquisition of the Israeli company OrthoSpace.
Stryker is a major supplier of medical devices, and the ongoing attack is already affecting healthcare providers. One healthcare professional at a major university medical system in the United States told KrebsOnSecurity they are currently unable to order surgical supplies that they normally source through Stryker.
“This is a real-world supply chain attack,” the expert said, who asked to remain anonymous because they were not authorized to speak to the press. “Pretty much every hospital in the U.S. that performs surgeries uses their supplies.”
John Riggi, national advisor for the American Hospital Association (AHA), said the AHA is not aware of any supply-chain disruptions as of yet.
“We are aware of reports of the cyber attack against Stryker and are actively exchanging information with the hospital field and the federal government to understand the nature of the threat and assess any impact to hospital operations,” Riggi said in an e-mail. “As of this time, we are not aware of any direct impacts or disruptions to U.S. hospitals as a result of this attack. That may change as hospitals evaluate services, technology and supply chain related to Stryker and if the duration of the attack extends.”
This is a developing story. Updates will be noted with a timestamp.
Update, 2:54 p.m. ET: Added comment from Riggi and perspectives on this attack’s potential to turn into a supply-chain problem for the healthcare system.



