One of the world’s largest medical device makers has become the latest and most serious target of what cyber operators linked to Iran call an escalating campaign against Western economic infrastructure. Stryker Corporation, the Michigan-based firm whose products reach more than 150 million patients annually in 61 countries, confirmed Wednesday that it was “experiencing a global network disruption to our Microsoft environment as a result of a cyber attack,” an incident that knocked out Windows laptops and cell phones connected to its systems shortly after midnight on the US East Coast.
Phone calls to the company’s headquarters in Portage, Michigan, were met with a recorded message that the company was experiencing a “construction emergency,” Al Jazeera reported.
Who’s Behind the Stryker Cyberattack—and Why?
Handala, a hacking figure with documented ties to Tehran, claimed responsibility for the major cyberattack on Stryker, saying she carried out the intrusion in direct retaliation for an attack on a school in Minab, a city in southern Iran, that killed more than 170 people, most of them schoolgirls, on the first day of the US-Israeli military campaign.
The group described the attack as appropriate retaliation and said the stolen data was “now in the hands of the free people of the world”.
Handala described the incident as “the beginning of a new chapter in cyber warfare”.
The school strike drew international scrutiny. An investigation by Al Jazeera’s digital investigative unit, using satellite imagery analysis, found that the site was likely to have been deliberately targeted. Six senior Democratic United States senators have since called for a formal investigation, saying in a joint statement that they were “appalled” by the incident.
The scale of the Iranian breakthrough
The group claims to have exfiltrated 50 terabytes of Stryker company data. Stryker, which reports sales of more than $25 billion in 2025 and makes everything from artificial joints and robotic surgery systems to hospital beds and surgical instruments, said it had found no evidence of ransomware or malware and believed the incident was under control.
However, employees reported that the Handaly logo appeared on the company’s login pages, a visible sign of the breach.
The FBI and the Department of Homeland Security’s Cybersecurity Agency did not respond to requests for comment.
At the same time, Handala claimed to attack payments company Verifone, which denied it had any service disruptions.
Iran’s Broader Cyber Offensive
It appears that the Stryker attack is not an isolated incident. Iran’s Islamic Revolutionary Guard Corps issued a warning this week identifying “economic centers and banks” linked to the US and Israel across the region as legitimate targets.
State-affiliated Iranian media published a list of leading US technology firms, including Google, Microsoft and Nvidia, characterizing their regional infrastructure as “Iran’s new targets”.
Speaking to Al Jazeera’s Tohid Asadi, an Iranian security source indicated that the conflict was entering a “new phase” and hinted that the key regional waterway could face restrictions similar to those previously threatened by Tehran over the Strait of Hormuz – although he declined to provide further details.
