Handala, a hacktivist collective purportedly supported by Iranian state-sponsored cyber operatives, has announced a successful breach of Stryker via communications on its Telegram channel.
Personnel at the Michigan-based corporation reported that the emblem associated with an Iran-linked threat actor has begun appearing on login interfaces. Concurrently, Stryker has acknowledged experiencing disruptions to its operations.
In a statement on LinkedIn, the company said, “Stryker is currently facing a global network disturbance within our Microsoft environment owing to a cyber incursion. There are no indicators of ransomware or malicious software, and we believe the situation is contained.”
“Our teams are diligently working to ascertain the ramifications of this attack on our systems.”
“We have established business continuity protocols to ensure ongoing support for our customers and partners. We pledge to uphold transparency and will keep stakeholders apprised as new information comes to light.”
Stryker has not explicitly attributed the incident to any particular threat entity.
Handala primarily targets Israeli organizations or those affiliated with Israel and its military operations. The group employs an array of tactics, techniques, and procedures to infiltrate its targets, including spear phishing.
While some classify Handala as a ransomware operation, the group’s underlying motives are chiefly political, and it makes no monetary demands.
Following an airstrike on Iran last year, Handala proclaimed responsibility for a series of cyber offensives aimed at Israeli institutions.
The Delek Group and its Delkol subsidiary were noted as the inaugural victims in this campaign, with Handala asserting the theft of over two terabytes of sensitive data.
“Your fuel systems are exposed. and so are your secrets,” Handala warned in a leak published on June 14.
“More than two terabytes of classified information are no longer in your control. Your fuel stations are at risk. If you are wise, you will act swiftly. Refuel immediately, lest you find yourselves with nothing but desolate roads and silent aircraft. Time is not in your favor.”
The Israel Fuel Corporation, a major service station chain, falls under the Delek umbrella.
On the same day, Handala also mentioned Argentinian drone manufacturer AeroDreams, the Israeli construction firm Y.G. New Idan, and ISP 099 Primo Telecommunications as targets.
AeroDreams’ website appears to be non-operational at present. Handala claims the company has ties to the Israeli Air Force.
Following the extensive CrowdStrike outage in 2024, the group was observed disseminating emails purporting to be from the cybersecurity firm, offering solutions to the crisis.
However, these emails facilitated the deployment of a malicious wiper program, disguised as an executable file labeled CrowdStrike.exe, that is capable of erasing entire directories from an affected system.
The group’s internet activity reportedly originates from Iranian IP addresses, and a report from Iran International links Handala to Iran’s Ministry of Intelligence.

Though some victims claim that Handala exaggerates its activities—a frequent tactic employed by hacktivist groups—others have corroborated the hackers’ assertions.
Notably, in January 2025, Handala gained access to public announcement systems in Israeli kindergartens to disseminate red alert notifications and propaganda, an attack later validated by Israel’s National Cyber Directorate.
Source link: Cybersecurityconnect.com.au.





