Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started

An Iran-linked hacker group has claimed responsibility for a cyberattack on a medical technology company in what appears to be the first significant example of Iran hacking an American company since the start of the war between the countries.
Stryker, a company headquartered in Michigan, produces a range of medical equipment and technologies.
Historically, Iran has carried out some of the most notorious “wiper” cyberattacks against national enemies, aimed at erasing all data from computer networks. Victims include Saudi Aramco, Saudi Arabia’s national oil company, in 2012 and Sands Casino in 2014.
Since the start of the war, some established hacker groups sympathetic to the Iranian leadership have undertaken minor attacks, but most have been limited to briefly altering the appearance of a website and none have appeared to have a major impact. Several technology and cybersecurity companies, including Google and email cybersecurity company Proofpoint, told NBC News they have seen Iranian hackers doing largely war-related espionage.
However, this appears to have changed on Wednesday with a different type of attack, one that also deletes information from devices. A Stryker employee, who asked not to be identified because he was not authorized to speak on behalf of the company, said that work phones stopped working, which disrupted work and brought communication with co-workers to a halt.
Handala Team claimed responsibility for the Stryker hack in statements posted to its Telegram and X accounts. The group routinely boasts of its exploits on social media platforms, which have shut down previous versions of its accounts in recent days.
Details of how the attack was carried out are unclear. But public evidence of the hack points to the possibility that hackers gained access to the company’s Microsoft Intune account, which the employee confirmed Stryker used. An expert said that Handala reset some employees’ devices to factory settings.
“They appear to have gained access to the Microsoft Intune management console. This is a solution for managing corporate devices,” said Rafe Pilling, director of threat intelligence at Sophos, a cybersecurity company that linked Handala to Iran’s Ministry of Intelligence.
“One of the features is that it can be wiped remotely if a device is lost/stolen, etc. It looks like they have triggered this for some or all registered devices,” he said in a written interview.
Microsoft’s website defines remote wipe as “commonly used when a device needs to be retired, repurposed, reset for troubleshooting purposes, or securely erased if lost or stolen.”
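A remote wipe issued through a device-management console is a legitimate administrative action, which is why a single wipe is hard to tell apart from abuse; what distinguishes the scenario described above is one account wiping many enrolled devices in a short span. The example below is an added illustration, not code from the article, Stryker, Sophos or Microsoft: it runs a simple burst detector over a handful of constructed audit-log lines. The log format (JSON objects with `time`, `actor`, `action` and `device` fields) and the action names in `WIPE_ACTIONS` are assumptions chosen for the example, not the Intune audit schema.

```python
"""Flag a burst of remote-wipe actions by one actor in an MDM audit log.

Added example, not from the original article. The log format and the
action names below are assumptions, not Microsoft's Intune schema.
"""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines (not real data): one account wipes six
# devices within about a minute; a helpdesk account wipes a single laptop
# earlier in the day, which is ordinary activity.
SAMPLE_LOG = """
{"time": "2025-01-01T09:00:05Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-001"}
{"time": "2025-01-01T09:00:09Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-002"}
{"time": "2025-01-01T09:00:12Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-003"}
{"time": "2025-01-01T09:00:20Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-004"}
{"time": "2025-01-01T09:00:31Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-005"}
{"time": "2025-01-01T09:01:02Z", "actor": "admin@corp.example", "action": "wipe", "device": "phone-006"}
{"time": "2025-01-01T08:30:00Z", "actor": "helpdesk@corp.example", "action": "wipe", "device": "laptop-077"}
{"time": "2025-01-01T09:01:10Z", "actor": "admin@corp.example", "action": "sync", "device": "phone-007"}
"""

# Assumed action names that destroy data on the device.
WIPE_ACTIONS = {"wipe", "retire", "factoryReset"}


def parse_events(text):
    """Parse one JSON object per line into dicts with a datetime 'time'."""
    events = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["time"] = datetime.strptime(rec["time"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return events


def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return {actor: max_distinct_devices} for every actor that issued
    wipe-type actions against at least `threshold` distinct devices inside
    any span no longer than `window`. Non-wipe actions are ignored."""
    by_actor = defaultdict(list)
    for e in events:
        if e["action"] in WIPE_ACTIONS:
            by_actor[e["actor"]].append((e["time"], e["device"]))

    alerts = {}
    for actor, items in by_actor.items():
        items.sort()  # chronological order is required for the sliding window
        start = 0
        for end in range(len(items)):
            # Shrink the window from the left until it fits within `window`.
            while items[end][0] - items[start][0] > window:
                start += 1
            devices = {d for _, d in items[start:end + 1]}
            if len(devices) >= threshold:
                alerts[actor] = max(alerts.get(actor, 0), len(devices))
    return alerts


if __name__ == "__main__":
    for actor, count in find_wipe_bursts(parse_events(SAMPLE_LOG)).items():
        print(f"ALERT: {actor} wiped {count} devices within 10 minutes")
```

The threshold and window are deliberately conservative so that a helpdesk retiring one or two devices never trips the rule; in a real deployment they would be tuned against the organisation's own baseline of retire and wipe actions, and the alert would feed an identity response (session revocation, credential reset) rather than only a ticket.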
Stryker said in a statement on its website Wednesday that the outage was caused by a cyberattack, but that its own systems were not directly attacked and that ransomware, a common type of cybercrime that can also significantly disrupt companies’ networks, was not a factor.
“Stryker is experiencing a global network outage in our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is under control,” the statement said.
The company did not respond to a request for further details. Microsoft did not respond to a request for comment.
This article was first published on NBCNews.com.