According to information provided by Stryker, some hospitals and emergency services were forced to temporarily halt data transmission through the Lifenet system, and reports of outages came from the USA, Ireland, and Australia. Experts analyzing the situation do not rule out the possibility of credential theft or access to Microsoft Intune, which would allow attackers to delete data from multiple devices simultaneously.
The Handala group, which claimed responsibility for the attack, is believed by Western analysts to be linked to Iranian intelligence services. In their Telegram channel, the hackers announced that their actions are a form of revenge for a strike on a school in Iran, which, according to local media, resulted in the deaths of over 160 people, including children. This incident underscores that conflicts in the Middle East are already extending beyond the region and impacting American companies through cyberattacks.
Cybersecurity experts and former U.S. officials believe that the Stryker hack is the first case of such scale where cyber actions have become part of a broader military confrontation. Cynthia Kaiser, a former FBI official, noted that the current standoff closely links digital and traditional military operations on both sides. U.S. authorities have previously acknowledged that cyberattacks have become part of the first wave of strikes against Iran at the end of last month.
Given the uncertainty in Washington's actions in the conflict with Iran, experts predict new cyberattacks on American networks. Jen Easterly, former director of CISA, reported that Iranian cyber structures continue to maintain significant capabilities despite pressure from military operations. She noted that not only critical infrastructure, such as water supply and energy, but also private companies are at risk.
Although Western intelligence agencies traditionally consider Iran to be a less technologically advanced adversary compared to Russia or China, they also note its unpredictability. Iranian hackers often use simple tools, such as phishing, to carry out attacks. Previously, warnings from Washington about potential digital responses from Tehran after military actions usually did not lead to serious incidents. However, the case with Stryker demonstrated a change in this regard.
The Handala group, while positioning itself as independent hacktivists, is believed by Western analysts to have close ties to the Iranian government. In a study conducted by the Israeli company Check Point, Handala is identified as an organization linked to the Iranian Ministry of Intelligence and Security, confirming its role in cyberattacks against the U.S. and Europe.
The official reasons for the Stryker hack have not yet been disclosed. Investigative teams are considering the possibility of compromising an employee's or contractor's credentials through a phishing attack, which could have granted access to Microsoft Intune, a platform for remote device management. By compromising such a service, attackers can delete data on thousands of devices simultaneously. Internal company messages indicate that employees noticed their phones and Windows laptops being wiped. They were advised to remove mobile device management applications and work profiles.
It is unclear whether Stryker was chosen by the attackers randomly or intentionally. In the Handala Telegram channel, the attack was described as revenge for the strike on an Iranian school, which, according to Iranian media, resulted in the deaths of over 160 people, including children. The Pentagon is currently investigating the circumstances of the strike and, according to The Wall Street Journal, is considering possible U.S. involvement.
Since the beginning of the current conflict, other instances of alleged Iranian cyber activity have been recorded, including attacks on government email systems in Albania and an attempted hack of a nuclear research organization in Poland. However, none of these incidents reached the level and scale of the attack on Stryker. Moreover, there is a noticeable change in the tactics of Iranian hackers, who have begun not only to cause damage but also to seek to publicly demonstrate their threats, creating a sense of vulnerability among victims and the broader audience.
The post "Revenge for the Children": Handala hackers claimed they attacked Stryker after the strike on the Iranian school first appeared on K-News.
