A major cyberattack has crippled the global networks of Stryker, one of the world’s largest medical device companies, with an Iran-linked hacking group claiming responsibility and warning it marks “the beginning of a new chapter in cyber warfare”.

Handala, a hacking persona with documented ties to Tehran, said it carried out the attack in retaliation for the killing of more than 170 people, most of them schoolgirls, in a strike on a school in the southern Iranian city of Minab on the first day of the US-Israeli military war against Iran.

Recommended Stories

list of 3 itemsend of list

An investigation by Al Jazeera’s Digital Investigations Unit of satellite imagery found that the school was possibly deliberately targeted.

Six senior Democratic senators in the United States have called for an investigation into the strike, saying in a joint statement that they were “horrified” by the incident.

The hacking group said it had seized 50 terabytes of company data, which it claimed was “now in the hands of the free people of the world.”

The outages began shortly after midnight on the US East Coast on Wednesday, knocking out Windows-based devices, including laptops and mobile phones, connected to Stryker’s systems.

The Michigan-based company confirmed it was “experiencing a global network disruption to our Microsoft environment as a result of a cyberattack,” adding it had found no evidence of ransomware or malware and believed the incident was contained.

Staff reported that Handala’s logo had appeared on company login pages. Calls to Stryker’s headquarters in Portage, Michigan met a recorded message saying the company was dealing with “a building emergency.”

Advertisement

Neither the FBI nor the Department of Homeland Security’s cybersecurity agency responded to requests for comment.

Stryker, which makes everything from artificial joints and surgical instruments to hospital beds and robotic surgery systems, reported revenues of more than $25bn in 2025 and says its products reach more than 150 million patients annually across 61 countries.

Handala also claimed a simultaneous attack on payments company Verifone, which denied any disruption to its services.

The incident comes as Iran has escalated its threats against Western economic targets.

The IRGC warned this week that US and Israeli-linked “economic centres and banks” across the region were now legitimate targets, while state-affiliated media published a list of US tech firms, including Google, Microsoft and Nvidia, describing their regional infrastructure as “Iran’s new targets.”

An Iranian security source told Al Jazeera’s Tohid Asadi the conflict was entering “a new phase,” hinting that another key regional waterway could face restrictions similar to those threatened by Tehran on vessels seeking to cross the Strait of Hormuz — though declining to elaborate further.