Iran Linked Group Responsible for Cyber Attack on American Company

What Happened?

A group known as Handala Hack, which is believed to be affiliated with the ruling regime in Iran, carried out a cyber-attack against the American medical technology company Stryker yesterday.

According to one employee of Stryker, ‘All support staff, administrative staff and engineers have been sent home. And anyone with Outlook on their personal phones had their phones wiped.’

Stryker also indicated it had been the victim of a wiper attack, which is a style of cyber-attack that eliminates or wipes data from servers and hard drives. In most wiper attacks, lost data cannot be retrieved on affected devices.

Why it Matters

The cyber-attack on Stryker is the first known large-scale cyber intrusion on a private American company carried out by Iran in retaliation for U.S. and Israeli military operations. Though Stryker confirmed its people and properties are physically safe, the cost of the lost data remains unknown and could reach millions of dollars. The cyber-attack by agents of Iran on an American company represents another expansion of the current war in the Middle East.

According to the company’s website, Stryker is a global leader in medical technologies offering innovative products and services in neurotechnology and orthopedics that help improve patient and healthcare outcomes. Stryker employs more than forty thousand people and sells products to over one hundred countries around the world, including Israel. Last year, Stryker earned more than twenty-two billion dollars in revenue.

Iran is believed to have targeted Stryker due to its business dealings with Israel. Iranian officials have also warned that banks and financial centers connected to the United States or Israel will now be considered legitimate targets by Iran. Dozens of American banks and financial companies have offices in the Middle East region, and with the cyber-attack on Stryker, Iran has demonstrated it has the capability to target American companies. 

Handala also claimed to have seized fifty terabytes of data from Stryker, then to have released that information online, though those claims remain unverified. If the group does have company data, it could hold that information hostage, though financial gain does not appear to be the motivation behind that attack. Because this attack is retaliatory in nature, the group would not need to protect any accessed data for future ransom payments.

Overall, the Stryker cyber-attack is part of a larger Iranian strategy to inflict as much economic pain as possible on the United States and the American economy. The Iranians hope that by increasing the economic costs of the war, they will force the U.S. government to bring hostilities to a faster end.

How it Affects You

American companies with offices in the Middle East or that do business there will likely increase cybersecurity measures in the coming weeks. While cyber-attacks are not physically threatening to American citizens, they could result in compromised data or the theft of personally identifying information. Anyone conducting business in the Middle East should expect an elevated cyber threat landscape for the duration of the war.