CORK / PORTAGE — A devastating “wiper” cyberattack has crippled the global operations of medical technology giant Stryker, leaving thousands of employees at its Irish headquarters in Cork offline. On Wednesday, March 11, 2026, the Iranian-linked hacking group Handala claimed responsibility for the breach, describing it as a direct retaliation for the February 28 missile strike on the Minab school in southern Iran, which reportedly killed over 170 children.
The attack marks a significant escalation in the cyber theater of the ongoing Middle East conflict, moving beyond regional targets to strike a major Western medical infrastructure provider.
The Anatomy of a “Wiper” Attack
Unlike traditional ransomware, where data is encrypted for a fee, the malware deployed against Stryker was designed for total destruction. According to cybersecurity analysts and internal memos, the attackers utilized Microsoft Intune—a cloud-based endpoint management system—to issue remote “wipe” commands to connected hardware.
- Mass Deletion: Handala claims to have wiped more than 200,000 systems, servers, and mobile devices across 61 countries.
- Data Exfiltration: The group alleges they extracted 50 terabytes of sensitive data, which they threatened to release to “the free people of the world.”
- The “Handala” Signature: Employees in Cork reported that their login screens were defaced with the Handala logo—a cartoon of a young boy that serves as a symbol of Palestinian resistance—before their devices went dark.
Retaliation for Minab
In a manifesto posted to Telegram, Handala framed the operation as a defensive strike against the “Axis of Resistance.”
“We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults… our major cyber operation has been executed with complete success.”
The group specifically labeled Stryker a “Zionist-rooted corporation,” likely referencing the company’s 2019 acquisition of the Israeli-based firm OrthoSpace. The Minab school bombing, which geolocated footage suggests involved a U.S. Tomahawk missile, has become a rallying cry for pro-Iranian hacktivists seeking to exert economic pressure on the West.
Operational and Financial Impact
Stryker, which employs roughly 5,500 people in Ireland, has confirmed a “global network disruption” affecting its Windows environment.
- Manufacturing Halt: In Cork, home to some of the company’s most advanced manufacturing plants, production lines were partially suspended as engineers lost access to the software required for product design and quality testing.
- Market Reaction: Shares of Stryker (SYK) fell by as much as 5.3% on the news of the breach, closing lower as investors weighed the potential for long-term supply chain disruptions.
- Containment Efforts: The company stated it has “no indication” of ransomware and believes the incident is contained. However, internal reports suggest it may take weeks to restore systems that were completely erased.
A Heightened Global Risk
The National Cyber Security Centre (NCSC) in Dublin is currently working with international partners to assess the damage. Security experts at Check Point and Palo Alto Networks have long monitored Handala, linking them to Iran’s Ministry of Intelligence and Security (MOIS).
The Stryker breach serves as a stark warning: as the kinetic war in the Middle East continues, the “digital front” is no longer restricted to the battlefield. For global corporations, the risk of becoming collateral damage in geopolitical cyber warfare has never been higher.
