March 11, 2026
Paging Dr. Wipe
Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker
5,000 sent home as ‘remote wipe’ chaos sparks blame, jokes, and panic
TLDR: Iran-linked hackers claim they wiped Stryker’s systems, sending 5,000 Irish staff home amid reports a device tool triggered mass “remote wipes.” Commenters are split between warnings of hospital supply shock and jabs that it’s overhyped—while roasting the “Intune did a CrowdStrike” vibes. Important because healthcare supply chains are fragile.
Iran-linked hacktivists say they nuked Stryker’s data, and the internet is having an absolute field day. The company’s Irish hub reportedly sent home 5,000 workers and the U.S. HQ voicemail says “building emergency,” but the real action is in the comments. One camp is furious at what they see as years of penny-pinching on IT: “medtech puts money into device safety, not networks,” fumed one user, arguing this is exactly how a wiper attack lands. Others stress Stryker isn’t just ambulance gurneys; it’s operating-room gear and ICU equipment, so the fear isn’t stolen passwords—it’s supply-chain chaos hitting hospitals fast.
The standout twist? A trusted source told KrebsOnSecurity the wipe may have been triggered through Microsoft Intune—a legitimate device-management tool—echoed by a Reddit thread where alleged staff say they were told to uninstall it. Cue the memes: “ask microsoft intune to eviscerate the company,” one commenter snarked, with others dropping “this feels like that CrowdStrike meltdown” jokes. Skeptics push back, calling it dramatic but not doomsday; “hackers found an easy door, then wrote a manifesto.” Meanwhile, reports from the Irish Examiner say staff are coordinating on WhatsApp and even personal phones with Outlook installed got wiped. Handala’s Telegram brag, tied to a deadly strike mentioned by the New York Times and profiled by Palo Alto Networks, only added fuel to the comment-war fire.
Key Points
- •Iran-linked hacktivist group Handala claimed a wiper attack on Stryker, alleging shutdowns in 79 countries and data erasure on 200,000+ systems.
- •Irish reports said Stryker sent home 5,000+ workers; a U.S. HQ voicemail cited a building emergency.
- •An anonymous source told KrebsOnSecurity that Microsoft Intune was used to remotely wipe devices, echoed by employee reports on Reddit.
- •The Irish Examiner reported device wipes and defaced login pages with the Handala logo; staff used WhatsApp for updates.
- •Palo Alto Networks linked Handala to Iran’s MOIS via Void Manticore and described its tactics as opportunistic, with prior claims against targets in Israel and Jordan.