
Stryker hit by network compromise

Incident
Happening score
H score 21
3 unique sources, 5 articles

Summary


Stryker suffered a destructive network compromise attributed to Handala/Handala Hack Team, with reporting describing data deletion and widespread device wiping. Early coverage framed the incident as a major disruptive attack affecting offices and endpoints across the company. Later updates said company data was deleted and thousands of employee devices were wiped, while Stryker stated it regained access, removed the unauthorized party, and contained the incident. Reporting also said the breach was limited to the company’s internal Microsoft environment. Some reporting suggested the intrusion may have involved administrative tooling such as Microsoft Intune rather than a conventional malware-only wipe.

Related Happenings

West Pharmaceutical Services Inc. hit by data theft breach

Incident
First: 14.05.2026 01:23 Last: 14.05.2026 01:23 Sources 1

About this happening: West Pharmaceutical Services disclosed a **cyberattack** that **exfiltrated data** and **encrypted systems**, disrupting **global operations** and increasing recovery risk. The co...

FamousSparrow Azerbaijanian oil-and-gas targeting campaign

Campaign
First: 13.05.2026 16:00 Last: 13.05.2026 16:00 Sources 1

About this happening: The **China-linked FamousSparrow group** ran a **targeted cyberespionage campaign** against an **Azerbaijanian oil-and-gas company** in the **South Caucasus**, highlighting a new...

Instructure hit by cyberattack

Incident
First: 04.05.2026 01:16 Last: 04.05.2026 01:16 Sources 1

About this happening: **Instructure** disclosed a **cybersecurity incident** that exposed user information and prompted an investigation with outside experts and law enforcement. The event matters beca...

Latest development: 14.05.2026 23:19

The House Committee on Homeland Security and the US Senate Committee on Health, Education, Labor, and Pensions sought briefings from Instructure over the Canvas compromise, pressing the edtech vendor on whether it paid a ransom, what data was affected, how it handled the recent attacks, and whether the incident was linked to a prior Salesforce compromise.

Medical-device cyberattack trend in healthcare organizations

Target Trend
First: 29.04.2026 13:05 Last: 29.04.2026 13:05 Sources 1

About this happening: **24% of healthcare organizations** experienced cyber-attacks affecting **medical devices** over the past year, creating real risk to **patient care**. In **80%** of affected case...

Silk Typhoon / Hafnium coordinated intelligence-gathering campaign

Campaign
First: 27.04.2026 22:56 Last: 27.04.2026 22:56 Sources 1

About this happening: The **Silk Typhoon / Hafnium** operation is tied to a **coordinated intelligence-gathering campaign** spanning **February 2020 to June 2021**, underscoring a sustained espionage e...

Latest development: 28.04.2026 15:30

US officials described Silk Typhoon/Hafnium activity from February 2020 to June 2021 as a coordinated intelligence-gathering campaign that targeted US universities and COVID-19 researchers, including a Texas university network, and later expanded into Microsoft Exchange Server vulnerability exploitation. The operation reportedly used stolen mailbox access to search for vaccines, treatments, and testing research, and the FBI said the campaign affected more than 12,700 US organizations.

Timeline

  1. 28.03.2026 17:40 2 articles · 2mo ago

    Handala Hack destructive compromise of Stryker

    Victim Impact Update

    Handala Hack is tied to a destructive compromise of Stryker in which company data was deleted and thousands of employee devices were wiped. Stryker later said the incident was contained after it regained access, removed the unauthorized party from its environment, and noted that the breach was confined to its internal Microsoft environment.

  2. 19.03.2026 18:14 1 article · 2mo ago

    FBI seizes Handala domains after Stryker attack

    Legal Policy Action Update

    The FBI seized Handala's handala-redwanted[.]to and handala-hack[.]to domains after the group used them to publicize its destructive cyberattack on Stryker, and the domains were switched to ns1.fbi.seized.gov and ns2.fbi.seized.gov under a seizure warrant from the District Court for the District of Maryland.

  3. 11.03.2026 19:21 1 article · 2mo ago

    Stryker devices remotely wiped and Entra login page defaced

    Exploitation Observed

    Managed Windows and mobile devices enrolled in Stryker's mobile device management system were remotely wiped early Wednesday morning, and the company's Entra login page was defaced with a Handala logo. Employees in the United States, Ireland, Costa Rica, and Australia reported the same wiping activity on work-managed devices.

  4. 11.03.2026 19:21 2 articles · 2mo ago

    Stryker operations disrupted by widespread wipes

    Victim Impact Update

    The wiping campaign caused data loss on personal phones enrolled for work access, disrupted access to internal services and applications, and forced some locations to revert to pen and paper after systems became unavailable. Handala also claimed it stole 50 terabytes of data and wiped over 200,000 systems, servers, and mobile devices across Stryker's network.

  5. 11.03.2026 18:20 2 articles · 2mo ago

    Handala claims destructive compromise of Stryker

    Initial Disclosure

    Handala, an Iran-linked hacktivist group, claimed responsibility for a data-wiping attack against Stryker, saying offices in 79 countries were forced to shut down after data was erased from more than 200,000 systems, servers and mobile devices; separate reporting said Stryker sent home more than 5,000 workers in Ireland, while staff at the Cork headquarters said network-connected systems were down, employee devices were wiped, and login pages were defaced with the Handala logo.
