Stryker cyberattack: Expert's warning as Handala group says ‘this is only the beginning’
Smarttech247 executive chairman Ronan Murphy says the Iranian Handala group is sophisticated and well-resourced: 'Their sole objective is chaos'. File picture Dan Linehan
Stryker may be an early target in a possible kinetic cyber warfare campaign by a sophisticated Iranian hacker group, a cybersecurity expert warned.
Wednesday's global cyberattack by the Iranian-linked hacker group Handala on US company Stryker, which has its European operations headquarters in Cork, is politically motivated and aims to cause “maximum chaos”, said Ronan Murphy, the CEO of Smarttech247, a global cybersecurity firm based in Cork.
Handala claimed responsibility for the attack on a social media account believed to belong to the group.
It said that the Stryker attack was in retaliation for the “brutal attack on the Minab school” in Iran, which killed more than 175 civilians, many of them children.
The US has been blamed for the bombing.
The post also said that Wednesday's cyberattacks were “only the beginning of a new chapter in the cyber war.”
Mr Murphy warned of possible further strikes on global companies in the coming days and weeks.
“Any organisation has to be on very, very significant high alert to potentially be hit by these guys because they’re quite sophisticated, they have a lot of resources.
“And their sole objective is chaos,” Mr Murphy said.
Handala is a hacker group that is “extremely active” at the moment.
“The chatter on the dark web all indicates that these guys are on an adrenaline push right now to cause maximum chaos,” Mr Murphy said.
The group is similar in structure to Anonymous, with hackers operating all over the world — some possibly within Ireland — who are highly skilled and politically motivated, he said.
Unlike 99% of cyber hacks, Handala is not motivated by money. Mr Murphy said: "That’s much scarier if you think about it.
"If you want monetary gain, you’ve got to compromise the user, you’ve got to get access to the network, you’ve got to find out what’s valuable, you’ve got to take it, steal it. Then you’ve got to enter into an extortion negotiation. So it’s way more complex.
“If you just want to watch the world burn, it’s way easier.”
The attack on Stryker is a “wiper” attack, which gets into IT systems and deletes and destroys information, Mr Murphy said.
“This is not associated with extortion,” he added.
“It looks like this is cyber kinetic warfare that’s just designed to create as many problems for as many people as it can.”
Handala hackers are also understood to have struck Israel’s Academy of the Hebrew Language, along with compromising oil and gas installations across the Middle East.
When staff attended work in Stryker’s Cork facilities on Wednesday, any computer connected to the company’s network stopped working.
Some computers displayed the Handala symbol.
Handala is an Iranian hacker group which uses the cartoon image of a little Palestinian boy, a symbol also associated with Palestinian resistance.
The character was created in 1969 by Palestinian newspaper cartoonist Naji al-Ali.
“It’s very significant,” one Stryker worker in Cork said on Wednesday.
“Anyone with Outlook on their personal phones had their phones wiped.”
Stryker staff are now communicating through WhatsApp groups for any updates on when they can return to work.
Although some machines used to manufacture Stryker’s medical devices were still in operation in Cork on Wednesday, it was not known how long they would continue operating.
Cars streamed out of Stryker’s facilities across Cork as staff were told to go home and avoid connecting to any of the company’s software.
The company employs more than 56,000 people globally.
Its largest hub outside the US is in Ireland.
It has six manufacturing facilities here, along with three innovation centres located in Cork, Belfast, and Limerick. Stryker has 5,500 workers in Ireland, with more than 4,000 based in Cork.
Offices and labs in the company’s large facilities in Cork had only a handful of workers still visibly present by Wednesday evening, with the company’s car parks on Model Farm Rd and four major operations in Carrigtwohill almost empty.
US and Irish flags were jostled by aggressive gusts of wind outside the Anngrove complex in Carrigtwohill, and daffodils dropped their bright yellow heads mournfully outside the facility as employees left the premises.
The Anngrove building, officially opened in 2016, is one of the largest 3D-printing facilities in the world.
A spokesperson for Stryker said that the company is experiencing a global network disruption to its Microsoft environment as a result of a cyberattack.
“We have no indication of ransomware or malware, and believe the incident is contained,” the spokesperson said.
“Our teams are working rapidly to understand the impact of the attack on our systems.
“Stryker has business continuity measures in place to continue to support our customers and partners.”
- Liz Dunphy, Southern Correspondent
A collection of the latest business articles and business analysis from Cork.
CONNECT WITH US TODAY
Be the first to know the latest news and updates
