# Iranian Hackers Cripple Stryker in Retaliatory Cyberattack Since the United States and Israel initiated a series of air strikes across Iran, cybersecurity experts have warned of potential retaliatory cyberattacks. Late Tuesday night, the first major attack materialized, targeting the medical technology firm **Stryker**. ## Stryker Paralyzed by Handala Attack According to reports, the breach disabled tens of thousands of computers, significantly disrupting **Stryker's** global operations. The attack was claimed by an Iranian hacker group identifying themselves as **Handala**. "We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success," **Handala** stated on their website, referencing the American Tomahawk missile strike that killed civilians at a girl’s school in Iran and other hacking operations attributed to the US and Israel. "This is only the beginning of a new era of cyber warfare." ## Handala: From Obscurity to Prominence While **Handala** was previously a relatively unknown entity to many American cybersecurity researchers, the group is now believed to be a front for Iran’s Ministry of Intelligence (**MOIS**), particularly within Israel's cybersecurity industry. They are considered a key player in a wave of Iranian state cyber operators posing as hacktivists, aiming to inflict politically motivated chaos on adversaries. **Handala**, or groups operating under similar names, has been involved in data-destroying and hack-and-leak operations targeting entities ranging from the Albanian government to Israeli businesses and political figures. ## Iran's Cyber Warfare Strategy As Iran faces increasing pressure, its hackers, including **Handala**, are reportedly leveraging their resources and access to Western networks to retaliate against the US and Israel. According to Sergey Shykevich, threat intelligence research lead at **Check Point**, "They're all in. They’re trying to do whatever they can now to carry out destructive activity." Within Iran's broader cyber warfare efforts, **Handala** has emerged as "probably the most dominant group," says Shykevich. "They are the main face now." While hacking groups are known to exaggerate their successes, **Handala** has publicly claimed numerous victims, primarily in Israel, since the recent escalation of conflict. Justin Moore, a threat intelligence researcher at **Palo Alto Networks’ Unit 42** group, describes **Handala** as “a primary cyber-retaliatory arm for the Iranian regime,” combining hacktivist tactics with nation-state capabilities. ## Opportunistic Targeting Despite the chaos caused, Rafe Pilling, director of threat intelligence at **Sophos’ X-Ops** group, suggests that **Handala's** actions may not be part of a grand strategic plan. Instead, the group appears to be seizing opportunities to inflict damage on targets in Israel or the US, demonstrating a retaliatory effect rather than executing a pre-defined strategic objective. ## Handala's Origins and Tactics Security researchers first noted the "**Handala**" brand in late 2023, following the October 7 attacks by Hamas on Israel. Initially appearing as a pro-Palestinian hacktivist group, **Handala's** activities have since aligned with Iranian interests. The group actively promotes its claimed hacks on platforms like Telegram and X, and utilizes **Starlink**'s satellite internet to circumvent Iran’s internet censorship, as reported by Forbes. Over the past few years, **Handala** has engaged in hack-and-leak operations, publishing victim data as a psychological weapon. They have also deployed destructive wiper malware, indicating a sophisticated presence aimed at causing significant operational disruption. **Check Point** notes that **Handala** is just one of several hacktivist fronts employed by Iran, combining deniability with psychological impact.