An Iran-linked hacktivist group executed a wiper attack against Stryker Corporation, a Michigan-based medical device manufacturer. The attack forced Stryker to send home over 5,000 employees at its largest international facility in Ireland. The company's U.S. headquarters reports an active building emergency linked to the incident.
Wiper attacks destroy data rather than exfiltrate it, distinguishing this threat from conventional ransomware campaigns. The Iranian nexus indicates state-sponsored motivation, likely targeting a critical infrastructure supplier. Medical device manufacturers face elevated risk due to their role in healthcare delivery and the potential for operational disruption.
Defenders should monitor for lateral movement indicators across networks connected to engineering and manufacturing systems. Organizations supplying medical technology should assume similar targeting and implement air-gapped backups for operational technology environments. Credential compromise preceded wiper deployment in past Iran-attributed campaigns, making endpoint detection and response (EDR) systems essential for early detection.
The attack timeline and persistence mechanisms remain unclear. Stryker has not disclosed the attack vector or initial compromise date.