Iran-linked group says it hacked US company in retaliation for Minab school bombing

## Summary
Photograph: Abedin Taherkenareh/EPA Iran-linked group says it hacked US company in retaliation for Minab school bombing Hacker group Handala claimed responsibility for attack that caused ‘global disruption’ to Stryker Corporation’s systems An Iran-linked group said it hacked a US medical company, causing “global disruption” to its systems, in retaliation for the bombing of the Minab school in Iran , in an attack seen as widening the Middle East into the cyber realm. Handala, a hacker group, claimed responsibility for the attack on Wednesday on the Stryker Corporation, which makes medical devices and is based in Michigan. A statement posted to X, apparently from Handala, said: “We announce to the world that in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.” It called Stryker a “Zionist-rooted corporation” and claimed, without showing evidence, that it had wiped thousands of systems and mobile devices and extracted 50 terabytes of data. Stryker said: “We have no indication of ransomware or malware and believe the incident is contained. “The company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known,” it said in a filing to the Securities and Exchange Commission on Tuesday. “Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact on the company.” According to Sophos, a cybersecurity company, the “Handala Hack Team” is an Iranian hacktivist persona that was first observed in 2023.

## Article Content
Iranian rescue workers work among the rubble of damaged residential buildings in central Tehran, Iran, on 12 March 2026.
Photograph: Abedin Taherkenareh/EPA
View image in fullscreen
Iranian rescue workers work among the rubble of damaged residential buildings in central Tehran, Iran, on 12 March 2026.
Photograph: Abedin Taherkenareh/EPA
Iran-linked group says it hacked US company in retaliation for Minab school bombing
Hacker group Handala claimed responsibility for attack that caused ‘global disruption’ to Stryker Corporation’s systems
An Iran-linked group said it hacked a US medical company, causing “global disruption” to its systems, in retaliation for the bombing of the Minab school in
Iran
, in an attack seen as widening the Middle East into the cyber realm.
Handala, a hacker group, claimed responsibility for the attack on Wednesday on the Stryker Corporation, which makes medical devices and is based in Michigan. It affected thousands of employees using the company’s Microsoft systems.
In a statement, Stryker said the attack is expected to continue to cause “disruptions and limitations of access to certain of the Company’s information systems and business applications” and warned: “the timeline for a full restoration is not yet known”.
Oil price tops $100 again as Iran strikes economic targets across Middle East
Read more
Stryker’s share price dropped about 3% on news of the attack. Lee Sult, chief investigator at cybersecurity firm, Binalyze, called it “the first drop of blood in the water” as the Iran conflict spreads to US cyber targets and predicted “more shots are coming”. The same hacker group has already attacked Israeli cyber targets as Iran attempts to inflict economic disruption on its adversaries.
A statement posted to X, apparently from Handala, said: “We announce to the world that in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.”
It called Stryker a “Zionist-rooted corporation” and claimed, without showing evidence, that it had wiped thousands of systems and mobile devices and extracted 50 terabytes of data.
Stryker said: “We have no indication of ransomware or malware and believe the incident is contained.
“The company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known,” it said in a
filing
to the Securities and Exchange Commission on Tuesday. “Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact on the company.”
According to
Sophos, a cybersecurity company, the “Handala Hack Team” is an Iranian hacktivist persona that was first observed in 2023. It has claimed to have compromised multiple oil and gas organizations, spanning locations including Israel, Jordan and Saudi Arabia,
according to
Intel 471, a threat intelligence company.
“The recent surge in pro-Iranian hacktivist activity currently is providing the Iranian regime with a greater ability to project perceived power in a time where domestic connectivity is highly constrained,” Intel 471 said.
Explore more on these topics
Iran
US-Israel war on Iran
Hacking
Middle East and north Africa
Cybercrime
news
Share
Reuse this content

---

## Expert Analysis

### Merits
- A statement posted to X, apparently from Handala, said: “We announce to the world that in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.” It called Stryker a “Zionist-rooted corporation” and claimed, without showing evidence, that it had wiped thousands of systems and mobile devices and extracted 50 terabytes of data.

### Areas for Consideration
- It has claimed to have compromised multiple oil and gas organizations, spanning locations including Israel, Jordan and Saudi Arabia, according to Intel 471, a threat intelligence company. “The recent surge in pro-Iranian hacktivist activity currently is providing the Iranian regime with a greater ability to project perceived power in a time where domestic connectivity is highly constrained,” Intel 471 said.

### Implications
- Stryker said: “We have no indication of ransomware or malware and believe the incident is contained. “The company’s investigation of the cybersecurity incident is ongoing, and the full scope, nature and impacts, including operational and financial impacts, of the incident are not yet known,” it said in a filing to the Securities and Exchange Commission on Tuesday. “Accordingly, the company has not yet determined whether the incident is reasonably likely to have a material impact on the company.” According to Sophos, a cybersecurity company, the “Handala Hack Team” is an Iranian hacktivist persona that was first observed in 2023.

### Expert Commentary
This article covers iran, company, attack topics. Notable strengths include discussion of iran. Areas of concern are also raised. Readability: Flesch-Kincaid grade 0.0. Word count: 528.