Stryker Company, one of many world’s main medical know-how corporations, says it is absolutely operational three weeks after lots of its methods had been worn out in a cyberattack claimed by the Iranian-linked Handala hacktivist group.
The Fortune 500 medtech big has over 53,000 staff, makes a variety of merchandise (together with neurotechnology and surgical gear), and reported international gross sales of $22.6 billion in 2024.
The attackers started wiping Stryker’s methods on March 11, claiming they’d stolen 50 terabytes of knowledge earlier than wiping almost 80,000 units early that morning, utilizing a brand new International Administrator account created after compromising a Home windows area admin account.
After the assault was disclosed, CISA and Microsoft launched steerage on securing Intune and hardening Home windows domains to dam comparable assaults, whereas the FBI seized two web sites utilized by the Handala hackers.
On Wednesday, Stryker introduced that it had restored sufficient methods to return to pre-attack operational ranges and that manufacturing would rapidly attain full capability.
“As of this week, we’re absolutely operational throughout our international manufacturing community. Manufacturing is shifting quickly towards peak capability with self-discipline and stability, supported by restored industrial, ordering and distribution methods,” Stryker mentioned.
“Total product provide stays wholesome, with robust availability throughout most product traces, as we proceed to satisfy buyer demand and help affected person care.”
“Our work continues across the clock in shut partnership with third‑celebration cybersecurity consultants, related authorities companies and trade companions as our investigation progresses, reflecting a shared dedication to defending the healthcare ecosystem and supporting ongoing restoration efforts,” it added.
This comes after the corporate mentioned on March 23 that its groups had been prioritizing the restoration of methods that straight help buyer, ordering, and delivery operations.
Though it was initially believed the attackers hadn’t used any malicious instruments in the course of the breach, Stryker additionally revealed that security consultants who helped with the investigation discovered a malicious file that helped the attackers disguise malicious exercise whereas inside the corporate’s community.
Handala (often known as Handala Hack Staff, Hatef, Hamsa) surfaced in December 2023 as an Iranian-linked and pro-Palestinian hacktivist operation that has been focusing on Israeli organizations with Home windows and Linux data-wiping malware.
The hacktivist group has been linked to Iran’s Ministry of Intelligence and Safety (MOIS) and can be recognized for leaking delicate information stolen from victims’ compromised methods.
Automated pentesting proves the trail exists. BAS proves whether or not your controls cease it. Most groups run one with out the opposite.
This whitepaper maps six validation surfaces, exhibits the place protection ends, and gives practitioners with three diagnostic questions for any device analysis.
