How an Iranian-backed group crippled Stryker’s Irish HQ with a ‘wiper’ cyberattack


Stryker has eight sites in Ireland including Limerick, Belfast, and Cork — where it has five manufacturing plants and three innovation centres at Anngrove (pictured), Springhill, and Tullagreen near Carrigtwohill; Macroom; and Model Farm Rd in Cork City. File picture

A global medical device company with over 4,000 employees in Cork and another 1,400 across the island of Ireland was crippled on Wednesday by a cyberattack claimed by an Iranian-backed group.

This type of attack is known as a 'wiper attack', where the goal is to destroy IT systems and erase the data on them.

The National Cyber Security Centre in Dublin was informed of the incident and is investigating.

It is understood the centre has not seen a rise in cyberattacks linked to Iran since the US and Israeli bombing started.

A wiper attack is considered a very serious type of cyberattack, both in terms of the damage it causes and the ideological or political motivation behind it, in this case linked to a hostile regime.

Stryker, based in the US, has its European headquarters in Cork, where it has an estimated 4,100 employees. A further 1,400 employees are based in Limerick and Belfast.

Multiple sources said that systems in the headquarters in Cork were “shut down” in the morning and that Stryker devices held by employees were wiped.

Handala group claims responsibility 

Login pages coming up on these devices were defaced with the logo of Handala Hack, described as a pro-Palestinian hacker group.

It is linked to the Iranian regime, which is currently engaged in military and economic warfare in retaliation for US and Israeli bombardment of the country.

Handala claimed the attack on various social media platforms, stating: “We announce to the world that, in retaliation for the brutal attack on the Minab school and in response to ongoing cyber assaults against the infrastructure of the Axis of Resistance, our major cyber operation has been executed with complete success.”

The New York Times reported on Wednesday that a preliminary US military investigation determined that the US was responsible for the Tomahawk missile strike on an Iranian school on February 28, killing 175 civilians — the majority of them children. It is being blamed on a targeting mistake.

Rescue workers and residents searching the rubble after the airstrike on a girls' school in Minab, Iran, on Saturday, February 28. The Handala hacktivist group said its 'wiper' cyberattack on Stryker was in retaliation for that attack. Picture: Abbas Zakeri/Mehr/AP

In addition to its lucrative contracts with the US military, Stryker may have been targeted because it has purchased several Israeli companies, most recently in 2019.

The shutdown in Cork also threatened to have a detrimental financial impact on the company, as it would disable the technology used to manufacture many of Stryker’s medical products.

However, sources said that some machines continued to operate, although it was not clear how long that would continue.

Stryker Ireland said in a statement: “Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyberattack. We have no indication of ransomware or malware, and believe the incident is contained.”

It said teams were working rapidly “to understand the impact of the attack”.

“Stryker has business continuity measures in place to continue to support our customers and partners.”

'The sole objective is chaos'

Ronan Murphy, the chairman of Cork-based Smarttech247, said: “Any organisation has to be on very significant high alert to potentially be hit by these guys because they’re quite sophisticated, they have a lot of resources. Their sole objective is chaos.

“The chatter on the dark web all indicates that these guys are on an adrenaline push right now to cause maximum chaos.”

Mr Murphy said that, unlike 99% of hacks, Handala is not motivated by money.

He said: “That’s much scarier if you think about it, because if you want monetary gain you’ve got to get access to the network, find out what’s valuable, take it, steal it.

“Then you’ve got to enter into an extortion negotiation. If you just want to watch the world burn, it’s way easier.”

Need for risk assessment 

Brian Honan, the CEO of cybersecurity firm BH Consulting, said: “This attack demonstrates how regional conflicts can have far-reaching consequences to companies and countries not directly involved in that conflict.”

Cybersecurity consultant Brian Honan: 'The focus should be on ensuring high-profile user and administrative accounts and high-profile systems are properly protected.' File picture

He advised organisations, particularly those affiliated directly or indirectly with the parties involved in the conflict, to conduct regular risk assessments based on the type of threat actors that may be likely to target them.

“In particular, the focus should be on ensuring high-profile user and administrative accounts and high-profile systems are properly protected with strict access controls such as multi-factor authentication and access restricted to trusted devices and networks,” he said.

“The type of attack carried out against Stryker is known as a wiper attack, where the goal is to destroy and disrupt systems as much as possible.

“Organisations should look to ensure they have effective backup and restore procedures in place and have reviewed their cyber resilience.”

  • Cormac O’Keeffe, Security Correspondent
  • Liz Dunphy, Southern Correspondent


© Examiner Echo Group Limited