Stryker Cybersecurity Incident: Non-Ransomware Attack Contained

Severity: Medium (Score: 58.0)

Sources: Industrialcyber.Co, Minichart.Sg

Summary

Stryker Corporation experienced a cybersecurity incident attributed to a suspected Iran-linked threat actor, Handala, which disrupted its operations by knocking internal systems offline. The attack involved a malicious file that executed commands without spreading within or outside Stryker's environment. Following an investigation with Palo Alto Networks' Unit 42, Stryker confirmed there was no evidence of ransomware or malware, and all known malicious binaries were neutralized. As of March 20, 2026, the incident was contained, and remediation efforts are ongoing, including rebuilding systems from pre-compromise backups. Stryker reported that no customer, supplier, or partner data was compromised during the incident. The company is working closely with government agencies and industry partners to restore services and enhance cybersecurity measures. Manufacturing operations are stabilizing, prioritizing patient needs.

Key Points:

  • Stryker's cybersecurity incident was linked to a suspected Iran-affiliated group.
  • No ransomware or malware was found; the attack utilized a non-spreading malicious file.
  • Stryker is collaborating with government agencies to enhance cybersecurity and restore operations.

Key Entities

  • Handala (apt_group)
  • Malware (attack_type)
  • Ransomware (attack_type)
  • Stryker (company)
  • Stryker Corporation (company)
  • Iran (country)
  • Healthcare (industry)
  • T1059 - Command and Scripting Interpreter (mitre_attack)