Iranian hacktivist group Handala (linked to Iran's Ministry of Intelligence and Security) has claimed responsibility for a large-scale wiper attack on medical technology company Stryker. The group alleges it erased data from over 200,000 systems across 79 countries, forcing Stryker to send home more than 5,000 workers in Ireland. Notably, the attack appears to have leveraged Microsoft Intune — a cloud-based device management platform — to issue remote wipe commands against all connected devices, rather than deploying traditional wiper malware. Stryker employees were reportedly told to urgently uninstall Intune. Handala framed the attack as retaliation for a U.S. missile strike on an Iranian school. Palo Alto Networks, which tracks Handala as a persona of MOIS-affiliated actor Void Manticore, notes the group's tactics focus on opportunistic supply-chain footholds and hack-and-leak operations primarily targeting Israel.
Sort: