{"id":195907,"date":"2026-03-12T10:39:00","date_gmt":"2026-03-12T14:39:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/12\/stryker-tells-sec-that-timeline-for-recovery-from-cyberattack-unknown\/"},"modified":"2026-03-14T14:25:28","modified_gmt":"2026-03-14T18:25:28","slug":"stryker-tells-sec-that-timeline-for-recovery-from-cyberattack-unknown","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/03\/12\/stryker-tells-sec-that-timeline-for-recovery-from-cyberattack-unknown\/","title":{"rendered":"Stryker tells SEC that timeline for recovery from cyberattack unknown"},"content":{"rendered":"<p><a href=\"https:\/\/therecord.media\/stryker-tells-sec-unknown-timeline-recovery\">Stryker tells SEC that timeline for recovery from cyberattack unknown<\/a><\/p>\n<p><a href=\"https:\/\/therecord.media\/stryker-tells-sec-unknown-timeline-recovery\">https:\/\/therecord.media\/stryker-tells-sec-unknown-timeline-recovery<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-03-12 10:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"therecord.media\">therecord.media<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points.  Medical device company Stryker provided a fuller assessment of its recent cyber incident in a notice to the Securities Exchange Commission (SEC) on Wednesday evening.\u00a0  The attack came to light on Wednesday morning after employees took to social media to complain of phones, laptops and computers that had been wiped clean of all information. The company\u2019s 5,500 employees were locked out of company systems across Ireland, the US, Australia and India  In an 8-K filing with the SEC, Stryker confirmed that the cyberattack caused a global disruption to the company\u2019s Microsoft environment and said external cybersecurity experts were brought in to \u201cassess and to contain the threat.\u201d  \u201cThe incident has caused, and is expected to continue to cause, disruptions and limitations of access to certain of the Company\u2019s information systems and business applications supporting aspects of the Company\u2019s operations and corporate functions,\u201d company officials said.\u00a0  \u201cWhile the Company is working diligently to restore affected functions and systems access, the timeline for a full restoration is not yet known. The Company has business continuity measures in place to continue to support its customers and partners.\u201d  Stryker said it is still unclear whether the cyberattack will have financial impacts on the company. It is one of the largest medical device makers in the U.S., reporting more than $25 billion in revenue last year.\u00a0  The SEC filing reiterates that the incident did not involve ransomware or malware. Several cybersecurity experts said it is likely that the hackers behind the attack used the native features and tooling in Microsoft Intune to cause damage.\u00a0  Microsoft Intune is a cloud-based unified endpoint management system that allows teams to secure and manage access to organizational resources across Windows, macOS, Linux, iOS and Android devices.  Employees of Stryker reported that all of their devices with Microsoft Intune had been wiped clean.\u00a0  \u201cWhat makes the Stryker incident particularly concerning is the apparent use of enterprise management infrastructure \u2014 potentially weaponizing Microsoft Intune \u2014 to carry out destructive activity at scale,\u201d said Kathryn Raines, cyber threat intelligence lead at cybersecurity firm Flashpoint.  Microsoft declined to comment on the situation when contacted by Recorded Future News. Handala vs. APT34 The incident appeared to be the first evidence of\u00a0 potential cyber fallout from the war between the U.S. and Iran. Since the beginning of the conflict, experts warned that cyberattacks by both Iranian state-backed groups and hacktivists would likely come as part of the response to airstrikes launched by U.S. and Israeli forces.\u00a0  Several alleged Iranian groups have defaced websites, conducted relatively minor espionage incursions and launched distributed denial-of-service (DDoS) attacks in recent days, but no major incidents were reported until the Handala group took credit for the attack against Stryker.\u00a0  Handala has existed since 2023 and is known to deploy the Hatef wiper malware as well as the Rhadamanthys stealer malware during its attacks, according to cybersecurity firm Optiv.  The group previously focused its efforts on attacking significant targets in Israel, generally opting to steal information before launching wiper malware. Optiv said Handala typically gains initial access through phishing emails or by impersonating legitimate organizations.  Handala has made several unverified claims of attacks on organizations since the onset of the conflict with the U.S., including the targeting of government organizations in Jordan and Israel.\u00a0  Optiv and several other cyber research firms claimed there is significant overlap between Handala and a state-backed group linked to Iran\u2019s Islamic Revolutionary Guard Corps (IRGC) known as APT34.  Flashpoint\u2019s Raines said they have been tracking Handala for the last year and found that the group presents itself as a grassroots resistance movement. But its tactics and targeting are \u201cfar more consistent with activity linked to Iranian state actors than with independent hacktivism.\u201d\u00a0  APT34 was previously accused of increasing its attacks on government agencies in Saudi Arabia, Iraq, the Kurdistan Regional Government, the United Arab Emirates (UAE) and the broader Gulf region between 2023 and 2025. Get more insights with the Recorded FutureIntelligence Cloud.Learn more.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stryker tells SEC that timeline for recovery from cyberattack unknown https:\/\/therecord.media\/stryker-tells-sec-unknown-timeline-recovery Publish Date: 2026-03-12 10:39:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":195908,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/cms.therecord.media\/uploads\/stryker_4955e3f111.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,32,25],"class_list":["post-195907","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-malware","tag-phishing"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195907"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=195907"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195907\/revisions"}],"predecessor-version":[{"id":195909,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/195907\/revisions\/195909"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/195908"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=195907"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=195907"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=195907"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}