A cyberattack believed to be linked to Iran-aligned hackers has disrupted operations at Stryker Corporation, a major US medical technology firm, leaving thousands of employees unable to access internal systems and forcing the shutdown of several network-connected devices.
The disruption affected staff in multiple countries who could not access company email, laptops, and internal tools. Reports said the outage began shortly after midnight on the US East Coast.
Irish media outlets reported that some internal systems displayed branding connected to “Handala,” a hacktivist label often described as being aligned with Iran. However, Stryker has not confirmed who was behind the incident, and cybersecurity officials say the attribution is still being investigated.
The cyber incident comes nearly two weeks after the United States and Israel launched military strikes on Iran, a conflict that has continued into this week.
Company confirms global network disruption
In a statement reported by Irish news outlet Cork Beo, Stryker said it is dealing with a major network issue affecting its systems worldwide. The company said it is experiencing a “global network disruption affecting the Windows environment.”
“Our teams are actively working to restore systems and operations as quickly as possible. Stryker has business continuity measures in place, and we’re committed to continuing to serve our customers,” the statement said.
According to reports, employees were also informed internally that the company is “experiencing a severe, global disruption impacting all Stryker laptops and systems that connect to our network.”
Irish outlets said thousands of workers were affected, including employees at Stryker’s large operations in Cork, Ireland, one of its biggest international centers. Ireland’s National Cyber Security Centre has been notified and is assisting in the response to the incident.
What Stryker does and where it operates
Stryker is a global medical technology company headquartered in Portage, Michigan. The company produces a wide range of medical devices, implants, and hospital systems that are widely used in healthcare facilities.
The firm employs around 56,000 people worldwide and reported revenue of about $25 billion in 2025, according to its website.
Outside the United States, one of its largest operational hubs is in Cork. The company runs several manufacturing and research facilities in Cork and also has operations in Limerick, making Ireland a key base for its European activities.
Hackers reportedly used Handala branding
Cybersecurity analysts said that systems affected by the attack displayed references to the “Handala” group.
According to IBM’s X-Force Exchange threat intelligence platform, Handala is a pro-Palestinian hacktivist group believed to be aligned with Iran. The group reportedly emerged in late 2023 after the outbreak of the Gaza conflict.
IBM describes Handala as a group that uses a range of cyberattack methods including phishing campaigns, custom wiper malware, ransomware-style extortion, data theft, and so-called “hack-and-leak” operations.
Its activities often include ideological messages and sometimes exaggerated or misleading claims about breaches. Analysts say the group has frequently targeted sectors such as healthcare, energy, financial services, satellite communications, and technology companies linked to defense or government systems.
How destructive wiper attacks work
Cybersecurity firm CrowdStrike explains that wiper attacks are designed to permanently damage computer systems by destroying data.
The company says wiper malware is “a form of malware engineered to destroy or corrupt data on targeted systems.” It can cause lasting damage by deleting “critical files and data” and lead to “severe business disruptions.”
“In a typical case, a wiper attack begins with infection vectors such as phishing emails, malicious downloads, or compromised websites. These initial entry points serve as the gateway for wiper attack malware to infiltrate a targeted system. Phishing emails are crafted to appear legitimate, tricking the unsuspecting recipient into installing malware on their system. In other cases, attackers may exploit a software vulnerability or use a compromised website to deliver malware to a target system,” reads CrowdStrike’s webpage on wiper attacks.
Previous attacks linked to the group
Handala has previously claimed responsibility for several cyber incidents targeting Israeli institutions.
According to reports, the group said it hacked the website of Academy of the Hebrew Language. Messages displayed on the website reportedly read, “There is no need to learn Hebrew anymore. You won’t need it for much longer.” The site also reportedly displayed the logo of the Handala group.
Investigations into the Stryker incident are ongoing, and officials have not yet confirmed the attackers or the full scale of the damage caused by the disruption.