"Revenge for the Children": Handala Hackers Claim They Attacked Stryker After Strike on Iranian School

Евгения Комарова Exclusive
Source of the material — K-News. All rights to copy and partially use the text belong to the editorial office of K-News.

According to available information, Stryker confirmed that the attack affected its internal Microsoft systems but did not impact connected medical devices. Some hospitals and emergency services temporarily suspended data transmission via Lifenet, and company employees reported issues in countries such as the USA, Ireland, and Australia. Experts analyzing the incident suggest that hackers may have used stolen credentials to access Microsoft Intune, allowing them to delete data on thousands of devices.

The Handala group claimed responsibility for the cyberattack, which, according to Western specialists, is linked to Iranian intelligence services. In their Telegram channel, the hackers described the attack as a response to a strike on a school in Iran, which, according to local media, resulted in the deaths of over 160 people, including children. This incident underscores that conflicts in the Middle East are already affecting American businesses through cyber operations.

Previously, American officials and cybersecurity experts noted that the Stryker breach was the first significant case where cyber weapons were used within the framework of a broader military conflict involving the USA. Cynthia Kaiser, a former FBI employee, emphasized that the current confrontation has merged digital and traditional combat operations. American authorities confirmed that cyberattacks were part of the first phase of retaliatory actions against Iran at the end of last month.

Amid uncertainty in Washington's strategy regarding Iran, experts predict new cyberattacks on American networks. Jen Easterly, former director of CISA, pointed out that Iranian entities retain significant capabilities in cyber confrontation despite the pressure being exerted on them. In her opinion, not only critical infrastructure such as water supply and energy is at risk, but also any private business.

Western intelligence agencies have long considered Iran to be a less technologically advanced adversary compared to China or Russia, but more unpredictable. Iranian hackers often resort to simple, mass-scale methods such as phishing. Although such actions have not always led to serious consequences, the attack on Stryker clearly stands out as an exception.

An important aspect of the attack is that Handala, while positioning itself as an independent hacktivist group, is closely linked to the Iranian government. The Israeli company Check Point, in its research, pointed to the connection between Handala and the Iranian Ministry of Intelligence and Security, claiming that the group is actively involved in cyberattacks and has expanded its operations to Europe and the USA.

As of now, the cause of the Stryker breach has not been officially disclosed. Investigative authorities are considering the theory that the credentials of employees or contractors were compromised, likely as a result of a phishing attack. Such access could have allowed hackers to gain control over Microsoft Intune, giving them the ability to erase data on thousands of devices. Internal company messages indicate that employees noticed data being wiped on their devices and were advised to remove mobile device management applications.

It remains unclear whether the hackers specifically targeted Stryker or if the choice was random. In their Telegram channel, Handala linked the attack to revenge for the strike on a school in Iran, where, according to Iranian media, over 160 people, including children, were killed. The Pentagon is investigating the circumstances of the strike and, according to The Wall Street Journal, is considering its possible connection to the USA.

Since the beginning of the current conflict, specialists have recorded other episodes of alleged Iranian activity: attacks on government mail systems in Albania, attempts to breach a nuclear research organization in Poland, and operations in Gulf countries. However, none of these incidents reached the scale and consequences of the attack on Stryker. Furthermore, Iranian hackers are increasingly not only causing damage but also attempting to amplify the effect of their threats with public statements, creating a sense of vulnerability and pressure among victims.
