Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started

A destructive cyberattack tied to Iran’s intelligence apparatus shows how quickly wartime pressure can jump from spying to disabling critical U.S. corporate operations.

Mar 12, 2026

Summary

An Iran-linked hacker group claimed responsibility for a cyberattack that disrupted Stryker’s Microsoft environment and wiped some employee devices. The incident reflects an escalation from wartime cyber-espionage and low-impact defacements into destructive action against a U.S. company. The practical consequence was halted employee communications and work when work-issued phones stopped functioning.

Reality Check

A normalized shift toward destructive cyber operations against U.S. companies weakens the guardrails that separate conflict from domestic civilian disruption. When device-management systems can be turned into remote wipe weapons, everyday corporate infrastructure becomes a frontline target. Our resilience depends on treating these intrusions as national security events with clear accountability, not routine IT outages.

Detail

Handala Team, a hacker group that cybersecurity companies link to Iran’s Intelligence Ministry, claimed responsibility for a cyberattack affecting Stryker, a Michigan-headquartered medical technology company. A Stryker employee said work-issued phones stopped working, disrupting work and internal communications.

Stryker said it experienced a global network disruption in its Microsoft environment due to a cyberattack, that its own systems were not directly hacked, and that there was no indication of ransomware or malware. Public evidence cited by cybersecurity reporting indicated the attackers likely accessed Stryker’s Microsoft Intune account, which is used to manage corporate devices. From the Intune management console, the attackers appeared to trigger a remote wipe function that reset some employees’ devices to factory settings, according to Sophos threat intelligence director Rafe Pilling. Microsoft describes remote wipe as a common feature for retiring, repurposing, troubleshooting, or securely erasing lost or stolen devices.