An Iran-associated cyberattack has significantly disrupted operations at Stryker, a leading medical technology company based in the United States. The attack primarily targeted the company’s Microsoft environment, causing notable challenges in order processing, manufacturing, and shipping.
Impact on Stryker’s Operations
In a recent statement, Stryker confirmed the cyberattack’s impact on its global operations, highlighting disruptions confined to its Microsoft systems. The company is actively working to restore its systems to ensure the continuity of patient care and uphold its commitment to customers.
Business continuity measures have been enacted to support Stryker’s partners and customers during this challenging period. Despite the disruptions, the company remains focused on mitigating the impact and resuming normal operations as swiftly as possible.
Investigation and Response
The precise nature of the cyberattack remains under investigation, and it is unclear whether operational technology systems were directly targeted. Reports indicate that support and administrative staff, particularly in Ireland, have been affected, with many relying on platforms like WhatsApp to receive updates on their work status.
The attack has been attributed to the hacker group Handala, which claims to have erased over 200,000 devices and forced the closure of several international offices. The group also alleges the theft of 50TB of data from Stryker’s systems.
Techniques Employed by Hackers
While initial reports suggested the use of wiper malware, subsequent findings reveal that Handala utilized living-off-the-land techniques, specifically leveraging Microsoft Intune for remote system wiping. This cloud-based management service is designed to manage and secure devices and applications across organizations.
Despite the severity of the breach, Stryker’s investigation has not identified any malware or ransomware involvement. The Handala group is believed to operate under the guise of a pro-Palestinian hacktivist collective, yet cybersecurity experts suspect it serves as a front for Void Manticore, an entity linked to Iranian state actors.
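Remote wipes issued through a device-management service leave no malware on the endpoints, so the usable signal is in the management plane's audit trail. The following is an added example, not part of the original article or of Stryker's investigation: it flags one account issuing destructive device actions against many devices in a short window. The record fields, action labels, sample events and thresholds are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Action labels assumed for this example; map them to your audit export's values.
DESTRUCTIVE = {"wipe", "retire", "delete"}

def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return one alert per actor who hits `threshold` distinct devices with
    destructive actions inside any sliding `window`."""
    recent = defaultdict(deque)   # actor -> deque of (time, device)
    alerted, alerts = set(), []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE:
            continue
        q = recent[ev["actor"]]
        q.append((ev["time"], ev["device"]))
        # Drop entries that have fallen out of the window.
        while q and ev["time"] - q[0][0] > window:
            q.popleft()
        devices = {d for _, d in q}   # repeats on one device count once
        if len(devices) >= threshold and ev["actor"] not in alerted:
            alerted.add(ev["actor"])
            alerts.append({"actor": ev["actor"], "first_seen": q[0][0],
                           "triggered_at": ev["time"], "devices": sorted(devices)})
    return alerts

def sample_events():
    """Constructed sample data, not taken from any real incident."""
    t0 = datetime(2025, 1, 1, 2, 0, 0)
    events = [
        # Routine helpdesk activity: two wipes, hours apart.
        {"time": t0, "actor": "helpdesk@example.com", "action": "wipe", "device": "LT-0001"},
        {"time": t0 + timedelta(hours=3), "actor": "helpdesk@example.com",
         "action": "wipe", "device": "LT-0002"},
        # Non-destructive actions are ignored.
        {"time": t0 + timedelta(minutes=1), "actor": "admin2@example.com",
         "action": "sync", "device": "LT-0100"},
    ]
    # Burst: one account wipes 8 devices, 30 seconds apart.
    for i in range(8):
        events.append({"time": t0 + timedelta(hours=1, seconds=30 * i),
                       "actor": "admin2@example.com", "action": "wipe",
                       "device": f"LT-{200 + i:04d}"})
    return events

if __name__ == "__main__":
    for a in find_wipe_bursts(sample_events()):
        print(a["actor"], a["triggered_at"].isoformat(), len(a["devices"]), "devices")
```

The threshold and window should be tuned against normal helpdesk volume, and an alert of this kind is most useful when it fires before the burst completes rather than in a daily report.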
As the company continues its recovery efforts, Stryker emphasizes its dedication to overcoming the cyberattack’s repercussions and maintaining its essential role in the healthcare technology sector.
