Iran-Backed Hackers Take Credit For Massive Attack On U.S. Medical Device Maker

March 11 (Reuters) – An Iran-linked hacking group on Wednesday claimed responsibility for a devastating cyberattack on U.S.-based medical device and services provider Stryker, according to messages posted on the group’s Telegram channel.
The Michigan-based company, which employs 56,000 people and operates in 61 countries, said in a filing with the SEC that the attack caused outages and access restrictions on some systems and that the timeline for full restoration is not yet known.
The logo of an Iran-linked hacking group appeared on the company’s login pages, staff and contractors said in social media posts. Reuters was unable to verify the posts.
“We have no indication of ransomware or malware, and we believe the incident has been contained,” a company spokesperson said, without commenting on who might be behind the attack. Calls to the company’s global headquarters in Portage, Michigan, were answered with a recording stating that the company was “currently experiencing a building emergency.”
Stryker shares closed down 3.6% on Wednesday.
Fears have grown that Iran, which has advanced cyberespionage capabilities, could retaliate against US or Israeli entities after the two countries began airstrikes.
“This is exactly the type of attack we’re concerned about: Iranian proxies are using devastating cyberattacks, such as data deletion, against U.S. companies to retaliate,” said Cynthia Kaiser, senior vice president of cybersecurity firm Halcyon’s Ransomware Research Center and a former FBI cyber official.
Handala, an Iran-linked hacker persona that claims to have carried out numerous attacks against targets in Israel and around the world, said in a message posted to its Telegram channel that it was responsible for the attack, which was carried out in response to the attack on the Minab school in southern Iran and ongoing cyber attacks.
The group did not respond to a request for comment sent to one of its messaging accounts.
The girls’ school in Minab was hit on the first day of US-Israeli attacks on Iran, killing about 150 students, according to Iran’s UN Ambassador in Geneva, Ali Bahraini. Reuters did not independently verify the figure.
Outages on Stryker’s network began shortly after midnight on the East Coast on Wednesday, the Wall Street Journal reported, citing sources familiar with the matter.
Company personnel found that remote devices running Microsoft’s Windows operating system had been wiped, including cell phones, laptops and others configured to connect to Stryker’s technology systems.
“The (Trump) administration is always proactively monitoring potential cyber threats and responding with our world-class critical infrastructure, regulatory agencies and law enforcement,” a White House official said.
The FBI and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency did not respond to requests for comment.
Handala has been linked to multiple hack-and-exfiltration operations as well as devastating attacks, including cases where data was destroyed, Israeli cybersecurity firm Check Point said in a report published Tuesday.
“They are the most notorious group affiliated with the Iranian regime,” Check Point Chief of Staff Gil Messing said in an email.
Messing added that Check Point has been following the group for years and believes that they work under the Iranian Ministry of Intelligence.
“The fact that they publicly claimed responsibility for this attack and knew they were linked to the government shows a new phase in Iran’s motivation.”
(Reporting by Christy Santhosh in Bengaluru and AJ Vicens in Detroit; Editing by Shreya Biswas, David Gaffen and Edmund Klamann)


