Key Findings

* Iran-linked Handala Hack Team claims cyberattacks against Stryker Corporation and Verifone on March 11

* Stryker confirms a network disruption; Verifone denies any breach

* Handala claims to have wiped 200,000 systems and extracted 50 terabytes of data from Stryker

* The group alleges the attack was retaliation for a missile strike on an Iranian school

* Verification of claims is ongoing and independent confirmation is pending

Background

The Handala Hack Team, an Iran-linked hacking group, has emerged as a potentially significant cyber threat targeting international corporations. Recently associated with Iran's Ministry of Intelligence and Security (MOIS), the group has demonstrated a pattern of politically motivated cyberattacks with geopolitical messaging.

Stryker Incident Details

Stryker Corporation, a major medical device manufacturer, experienced a confirmed network infrastructure disruption. The company detected and contained the incident quickly, with no immediate evidence of ransomware or malware deployment. Handala claims to have compromised Stryker's systems across 79 countries, though these claims remain unverified.

Verifone Breach Claim

Handala also claimed to have breached Verifone's systems, allegedly extracting financial transaction data and disrupting payment terminals. However, Verifone has categorically denied these claims, stating no evidence of system compromise has been found.

Technical Methodology

The attackers reportedly used screenshots showing administrative interfaces and system management panels as proof of access. The potential use of Microsoft Intune for remote device wiping has been suggested, though this remains speculative pending formal investigation.

Potential Motivations

The group framed the attack as retaliation for a February 28 missile strike on an Iranian school. Their messaging includes political rhetoric and claims of exposing "injustice and corruption" against what they describe as a "Zionist-rooted corporation."

Ongoing Impact

The attack has potentially significant implications for healthcare supply chains, with some reports indicating disruptions to surgical supply ordering and device management systems across multiple countries.

Sources

• https://hackread.com/iran-handala-hackers-verifone-stryker-hacks/

• https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/