READ. SCROLL. LISTEN.

Original briefings. Zero spin.

Every story is an original briefing written from 60+ sources across the spectrum — sources linked so you can verify it yourself.

← Back to headlines

Iran-Linked Hackers Hit Stryker Medical, US Critical Infrastructure in Escalating Cyberwar — Here's the Full Scope

Iran-Linked Hackers Hit Stryker Medical, US Critical Infrastructure in Escalating Cyberwar — Here's the Full Scope
Iranian-affiliated hacking groups have targeted a Michigan medical device giant, US local governments, and critical infrastructure in a wave of cyberattacks that predates and extends well beyond any single retaliation narrative. CISA has been sounding the alarm for years — most of the media is only paying attention now. This is a sustained, state-sponsored war on American systems, and Washington is still playing defense.

Iran Is Not Hacking Us Because It's Angry. It Never Stopped.

On March 11, 2026, a hacking group called Handala claimed responsibility for crippling the global network of Stryker Corporation — one of the world's largest medical device companies, headquartered in Portage, Michigan, according to Al Jazeera and Reuters.

Handala said the attack was retaliation for a US-Israeli military strike that killed more than 170 people, most of them schoolgirls, at a school in Minab, Iran. But Iran's cyberattacks against American infrastructure have been running continuously — and CISA has the documentation to prove it.

The Paper Trail Nobody's Reading

The Cybersecurity and Infrastructure Security Agency (CISA) has published a documented timeline of Iranian state-sponsored cyber activity stretching back years. According to CISA's official advisory page, the most recent warning — dated April 7, 2026 — came from a joint task force including the FBI, NSA, Environmental Protection Agency, Department of Energy, and US Cyber Command.

That advisory warned of Iranian actors actively exploiting Programmable Logic Controllers (PLCs) manufactured by Rockwell Automation and Allen-Bradley across multiple US critical infrastructure sectors: water systems, power grids, industrial controls.

This is not a ransomware gang targeting credit card numbers. These are foreign government operatives attempting to break the physical systems that keep American cities running.

Before that, on June 30, 2025, CISA, the FBI, DC3, and the NSA jointly warned of increased Iranian cyber activity targeting US networks and entities. On October 16, 2024, another joint advisory documented Iranian brute-force credential attacks compromising critical infrastructure. On August 28, 2024, yet another advisory warned that Iran-based actors were actively enabling ransomware attacks on US organizations.

Four major advisories. Multiple federal agencies. Two years of documented escalation.

What Happened to Stryker

The Stryker attack, according to Al Jazeera and Reuters, began shortly after midnight on the US East Coast. Windows-based devices — laptops, mobile phones — connected to Stryker's systems went dark. Handala's logo appeared on company login pages.

Stryker confirmed it was "experiencing a global network disruption to our Microsoft environment as a result of a cyberattack." The company reported revenues of more than $25 billion in 2025 and says its products reach over 150 million patients annually across 61 countries.

Handala claimed to have seized 50 terabytes of company data. Stryker said it found no evidence of ransomware or malware and believed the incident was contained. Companies typically make such statements in the first 48 hours.

Handala also claimed a simultaneous attack on payments processor Verifone. Verifone denied any service disruption.

Neither the FBI nor CISA responded to media requests for comment on the Stryker attack, according to Al Jazeera.

The Retaliation Frame Is a Convenient Distraction

Al Jazeera's framing presents this as understandable blowback — Iran reacting to civilian deaths. Six Democratic senators called for an investigation into the Minab school strike, according to Al Jazeera.

But Iran's hacking operations don't switch on and off based on grievance. According to CISA, these actors were hitting US water systems and power infrastructure well before any strike on any school. The Islamic Revolutionary Guard Corps (IRGC) has had dedicated cyber units targeting American political organizations, democratic institutions, and critical infrastructure for years.

This isn't a vendetta. It's a strategy.

Local Governments Got Hit Too

The Foundation for Defense of Democracies (FDD) has documented Iranian cyberattacks on US local governments — a target most people don't associate with nation-state hacking. The pattern is consistent with CISA's documented advisory data: Iranian actors don't just chase big corporate targets. They go after municipalities with outdated systems and minimal cybersecurity resources.

Water treatment plants. County 911 systems. Local hospital networks. These are the targets.

What's Being Done — And What's Not

Fox News has called for dismantling the dark web markets fueling Iranian cyber operations. Cutting off the financial infrastructure that funds these actors — cryptocurrency exchanges, criminal brokers — would impose real costs.

But the United States government has been running more advisories than operations. Warnings are not deterrence. Iran keeps hitting American systems because the cost remains low.

The Trump administration has not outlined a specific offensive cyber doctrine targeting Iranian hacking infrastructure. The Biden administration didn't either.

What This Means for You

If you work in healthcare, energy, water utilities, or local government IT, you are a target. A foreign government has documented you as one.

Stryker makes artificial joints, robotic surgery systems, and hospital beds used by 150 million patients. A disrupted network isn't just a business inconvenience. It's a patient safety event waiting to happen.

America treats Iran's cyber program like a nuisance. Iran is treating it like a war.

Sources used for this briefing

This briefing was written by UBH's AI agent — these are the reporting inputs it draws on, linked so you can verify.

center-left
aljazeeraIran-linked hackers hit medical giant Stryker in retaliatory ...
right
Fox NewsIran’s cyberwar targets ordinary Americans. We need to dismantle the hacker network
unknown
cisa.govIran State-Sponsored Cyber Threat: Advisories - CISA
unknown
fddHow an Iranian Cyberattack Hit US Local Governments - fdd.org