
Mainstream media is reporting "a significant cyberattack against a U.S. company, a first since the war started". On March 11, the group Handala announced an attack against the U.S. medical tech giant, Stryker.
Handala (also known as Handala Hack Team, Hatef, Hamsa) describes itself as a pro-Palestinian hacktivist group focused on politically motivated cyber campaigns targeting Israeli entities and organizations associated with Israel globally. The group has claimed responsibility for 148 attacks against Israeli interests since mid-2024.
Although Handala uses a "hacktivist" cover, it is a known front (faketivism) for the Iranian government. Its activities have been attributed to Iran’s Ministry of Intelligence and Security (MOIS). Cybersecurity firms like Check Point and threat intel groups link Handala to Void Manticore (aka Red Sandstorm, Banished Kitten, Storm-0842), an actor directly affiliated with the MOIS. This cluster uses personas like Handala for deniability in espionage, disruption, and info ops. Security researchers are also looking at a possible affiliation with the Islamic Revolutionary Guard Corps (IRGC), which is historically more active during conflicts than the MOIS.
Since the start of the US/Israel attacks against Iran on Feb. 28, Handala has claimed responsibility for 13 cyberattacks against Israeli interests, 1 UAE oil company, Saudi Aramco, and the US company Stryker.
This is the first specific targeting by Handala against a US company. Handala stated it attacked Stryker as it is "one of the key arms of the global Zionist lobby and a central ring in the 'New Epstein' chain."
Stryker maintains ties to Israel through acquisitions like OrthoSpace in 2019 for rotator cuff implants and Stryker GI Ltd. (founded 1994), which develops endoscopic solutions. These operations support R&D and manufacturing in Israel.
Handala claimed it impacted over 200,000 systems, servers, and mobile devices and stole 50 terabytes of data, shutting down Stryker's offices in 79 countries. While groups like Handala often exaggerate their success for psychological impact, early evidence suggests that Handala’s claims regarding the Stryker attack are significantly more credible than typical "hack-and-leak" bluster. The attackers likely gained administrative access to Microsoft Intune, allowing them to issue a "wipe" command to thousands of company-managed laptops and mobile devices simultaneously.
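A defender-side check for the pattern described above, as an added example that is not part of the original report: it flags any single account that issues wipe actions against many distinct devices within a short window. The record schema, account names, thresholds and sample events are constructed assumptions, not the actual Intune audit log format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed, normalised labels for destructive remote actions in the export.
DESTRUCTIVE = {"wipe", "retire"}

def sample_events():
    """Constructed audit records in a simplified, assumed schema."""
    base = datetime(2025, 1, 1, 9, 0, 0)  # arbitrary constructed date
    events = [
        # Routine helpdesk activity: two wipes, hours apart.
        {"time": base, "actor": "helpdesk@example.com",
         "action": "wipe", "device": "LT-0001"},
        {"time": base + timedelta(hours=3), "actor": "helpdesk@example.com",
         "action": "wipe", "device": "LT-0002"},
        # Non-destructive action, ignored by the detector.
        {"time": base + timedelta(hours=4), "actor": "admin2@example.com",
         "action": "sync", "device": "PH-0000"},
    ]
    # One account issuing 40 wipes, five seconds apart.
    for i in range(40):
        events.append({"time": base + timedelta(hours=5, seconds=5 * i),
                       "actor": "admin2@example.com",
                       "action": "wipe", "device": f"PH-{i:04d}"})
    return events

def find_wipe_bursts(events, window=timedelta(minutes=10), threshold=10):
    """Return {actor: (first_alert_time, peak_distinct_devices)} for actors whose
    destructive actions hit `threshold` distinct devices inside `window`."""
    recent = defaultdict(deque)  # actor -> (time, device) pairs still in window
    alerts = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["action"] not in DESTRUCTIVE:
            continue
        q = recent[ev["actor"]]
        q.append((ev["time"], ev["device"]))
        while ev["time"] - q[0][0] > window:  # drop entries older than window
            q.popleft()
        distinct = len({device for _, device in q})
        if distinct >= threshold:
            first, peak = alerts.get(ev["actor"], (ev["time"], 0))
            alerts[ev["actor"]] = (first, max(peak, distinct))
    return alerts

if __name__ == "__main__":
    for actor, (first, peak) in find_wipe_bursts(sample_events()).items():
        print(f"ALERT {actor}: burst began {first}, peak {peak} devices in window")
```

The threshold and window should be tuned against the normal wipe volume of the tenant's helpdesk so that routine offboarding does not trigger the alert.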
In relation to this attack, the group stated: "This is only the beginning of a new cyber chapter in cyber warfare. To all those plotting attacks on the infrastructure of the Axis of Resistance: The era of hit-and-run is over!"