An Iran-linked hacking group known as Handala Hack Team has claimed responsibility for cyberattacks against two major companies on March 11, targeting medical technology manufacturer Stryker Corporation and payment technology firm Verifone.
The two incidents are currently at very different stages of verification. Stryker has confirmed a cyber incident affecting parts of its network infrastructure. Verifone has not reported a breach and has stated it has found no evidence supporting the claims made by the group.
Stryker confirms network disruption following cyber incident
Reports indicate that Stryker experienced a cyberattack that caused disruption to some of its internal systems. According to statements from the company, the incident affected parts of its Microsoft-based network environment.
Stryker said it detected the issue and moved quickly to contain the activity. The company stated there was no evidence of ransomware or malware deployment at the time of the announcement. However, the company has not disclosed how attackers gained access or whether any data was exfiltrated.
Stryker is one of the largest medical device manufacturers in the world, producing surgical equipment, orthopedic implants, and hospital technology systems used globally. Because of the company’s role in healthcare supply chains, even limited disruptions to corporate systems can attract attention from regulators and healthcare providers.
Hackers claim large-scale impact at Stryker
In posts published on its official website, Handala claimed responsibility for the attack and claimed that it had wiped more than 200,000 systems, servers, and mobile devices while extracting 50 terabytes of data.
The group also claimed Stryker operations across 79 countries were forced to shut down. These figures have not been verified by Stryker or independent investigators. At the time of writing, Stryker has not confirmed the claims made by the hacking group about the scale of damage.
However, the group says it plans to release proof-of-concept (PoC) material in the coming days to demonstrate how the alleged breach of Stryker Corporation was carried out.
Verifone breach claim remains unverified
The same group also announced a separate operation targeting Verifone, a global provider of payment terminals and transaction processing technology used in retail and financial systems.
The hackers claimed they breached internal systems and extracted financial and transaction-related data. They also asserted that the attack disrupted payment systems and point-of-sale terminals. So far, there is no confirmation of those claims.
A Verifone spokesperson told media outlets that the company had reviewed the allegations and found no evidence that its systems were compromised. The company also said it was not observing any disruption to services used by customers, and no outages affecting Verifone payment terminals or payment processing infrastructure have been reported publicly.
Screenshots released as proof
Hackread.com can confirm that Handala hackers have released several screenshots that appear to show internal administrative interfaces connected to Verifone systems. The images include:
- IIS configuration consoles
- Device management dashboards
- Windows server administration panels
- Pages labeled RAU Management System
- Internal data tables referencing terminals and system activity
While such screenshots can indicate access to internal environments, they do not independently confirm when the access occurred or whether the systems belong to active production networks.
Handala has previously conducted operations framed as retaliation linked to regional geopolitical tensions. The language used in its announcements includes political messaging and warnings directed at governments and corporations.
Groups operating in this space often combine cyber operations with information campaigns designed to increase visibility of the attack. However, attribution and operational impact usually become clearer only after forensic analysis, company disclosures, or data leaks appear.
