An Iran-linked hacking group named Handala claimed responsibility on March 11, 2026, for a cyberattack against Michigan-based medical device manufacturer Stryker Corporation. The group stated the breach was in direct retaliation for the February 28 missile strike on a girls’ elementary school in Minab, Iran, which killed between 165 and 175 people during the opening phase of the ongoing US-Israel military campaign against Iran.
The breach caused global disruption to Stryker’s Microsoft computing environment and affected thousands of employees. Handala claimed to have wiped thousands of systems and extracted 50 terabytes of corporate data, referring to Stryker as a Zionist-rooted corporation. Stryker stated the company has no indication of ransomware or malware and believes the incident is contained. Following the news of the attack, Stryker’s share price fell by approximately 3 percent.
The incident represents a major escalation in the digital industry as the kinetic war expands. The February 28 strike on the Shajareh Tayyebeh school in Minab occurred on the first day of Operation Epic Fury. US President Donald Trump initially stated erratic Iranian munitions caused the blast. Late on March 11, leaked preliminary findings from a US military investigation indicated a targeting error using obsolete data was likely responsible for the strike. Independent geolocation by Bellingcat previously identified the weapon fragments as US Tomahawk missiles.
Handala also cited ongoing cyber assaults against the Axis of Resistance as a motive for the attack on Stryker. The group simultaneously claimed cyberattacks on other corporate targets on March 11, including the payment firm Verifone.
Iran-linked hackers claim 'stryker' cyberattack
Handala group claims responsibility for the attack
Kripa Aryal has more pic.twitter.com/WoDdQuhPay
— WION (@WIONews) March 12, 2026