
An Iran-linked hacker group has claimed responsibility for a cyberattack on US medical technology company Stryker, in what appears to be the first significant hacking incident targeting an American company since the start of the conflict between the United States and Iran, according to a report by NBC News.
Stryker, headquartered in Michigan, manufactures a range of medical equipment and healthcare technology products. The attack disrupted company devices and internal communications, NBC News reported.
The hacker group Handala Team said it carried out the attack, posting claims of responsibility on its Telegram and X accounts, according to the report.
Devices disrupted after apparent remote wipe
A Stryker employee told NBC News that work-issued phones stopped functioning during the incident, halting internal communications and work operations.
Public evidence of the attack suggests the hackers may have gained access to the company’s account on Microsoft Intune, a device management platform used to administer corporate devices, the report said.
From that system, the attackers appear to have remotely reset some employee devices to factory settings.
“They seem to have obtained access to the Microsoft Intune management console. This is a solution for managing corporate devices,” Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos, told NBC News.
“One of the features is the ability to remotely wipe a device if it’s lost or stolen. Looks like they triggered that for some or all of the enrolled devices,” he added.
Microsoft describes the remote wipe function as a tool used to reset or erase devices that are lost, stolen, retired or being repurposed.
Company says core systems were not breached
Stryker said in a statement on its website that the disruption stemmed from a cyberattack affecting its Microsoft environment, but said the company’s internal systems were not directly compromised.
“Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained,” the company said.
The company also said ransomware, a type of cyberattack that encrypts data to demand payment, was not involved in the incident.
Cyber activity during the US-Iran conflict
According to NBC News, cybersecurity companies including Google and email security firm Proofpoint have said most Iran-linked hacking activity since the start of the conflict has focused on espionage rather than disruptive attacks.
Some hacker groups aligned with Iranian leadership had previously claimed small-scale cyber incidents, such as briefly altering website appearances, but those incidents did not appear to cause major operational disruption.
The Stryker incident represents a different type of attack, involving the deletion of data from devices, according to the report.
Background: Iran’s past cyber operations
Iran has previously been linked to high-profile cyberattacks that wiped data from computer systems belonging to adversaries.
According to NBC News, examples include the 2012 cyberattack on Saudi Aramco, Saudi Arabia’s national oil company, and the 2014 attack on the Sands Casino in the United States.
Those operations were described as “wiper” attacks designed to erase data from targeted networks.
The details of how the latest attack was conducted remain unclear, according to the report.