An Iran-linked group said it hacked a US medical company, causing “global disruption” to its systems, in retaliation for the bombing of the Minab school in Iran, in an attack seen as widening the Middle East conflict into the cyber realm.
Handala, a hacker group, claimed responsibility for the attack on Wednesday on the Stryker Corporation, which makes medical devices and is based in Michigan. It affected thousands of employees using the company’s Microsoft systems.
In a statement, Stryker said the attack is expected to continue to cause “disruptions and limitations of access to certain of the Company’s information systems and business applications” and warned: “the timeline for a full restoration is not yet known”.
Stryker’s share price dropped about 3% on news of the attack. Lee Sult, chief investigator at the cybersecurity firm Binalyze, called it “the first drop of blood in the water” as the Iran conflict spreads to US cyber targets and predicted “more shots are coming”. The same hacker group has already attacked Israeli cyber targets as Iran attempts to inflict economic disruption on its adversaries.
A statement posted to X, apparently from Handala, said: “We announce to the world that in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.”
It called Stryker a “Zionist-rooted corporation” and claimed, without showing evidence, that it had wiped thousands of systems and mobile devices and extracted 50 terabytes of data.
Stryker said: “We have no indication of ransomware or malware and believe the incident is contained.
“The company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known,” it said in a filing to the Securities and Exchange Commission on Tuesday. “Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact on the company.”
According to Sophos, a cybersecurity company, the “Handala Hack Team” is an Iranian hacktivist persona that was first observed in 2023. It has claimed to have compromised multiple oil and gas organizations, spanning locations including Israel, Jordan and Saudi Arabia, according to Intel 471, a threat intelligence company.
“The recent surge in pro-Iranian hacktivist activity currently is providing the Iranian regime with a greater ability to project perceived power in a time where domestic connectivity is highly constrained,” Intel 471 said.