Massive Cyber Attack: Group "Hanthal" Targets American Medical Company

The Iranian hacking group known as "Hanthal" announced yesterday, Wednesday, March 11, 2026, its responsibility for a large-scale cyber attack targeting the American medical technology giant Stryker, managing to extract about 50 terabytes of data.

The group considered the attack a response to military strikes and cyber attacks against Iran.

Details of the Attack and Statement from Group "Hanthal"

The group stated in an official statement:

"Our large-scale cyber operation has been successfully executed."

Describing the attack as a response to the "brutal attack on the Minab School" and to "the ongoing cyber attacks against the infrastructure of the resistance axis."

The group added that it shut down Stryker offices in 79 countries, noting that the extracted data "is now in the hands of the free people of the world."

It also issued a warning to those it described as "Zionist leaders and their affiliated pressure groups," asserting that this attack represents "the beginning of a new chapter in cyber warfare."

Stryker's Position on the Attack

For its part, Stryker stated that the attack led to a "global outage in its Microsoft environment network due to a cyber attack," adding: "We have no indication of ransomware or malware, and we believe the incident has been contained."

Stryker was founded in Kalamazoo, Michigan, and is one of the leading companies globally in the field of medical devices, employing about 56,000 people, with revenues of $25.12 billion in 2025.

The company produces a wide range of medical equipment, from orthopedic implants and surgical instruments to hospital beds and robotic surgery systems.

Group "Hanthal"'s Record in Cyber Attacks

The group is named after a famous Palestinian cartoon character by the late Palestinian artist Naji al-Ali.

"Hanthal" has previously claimed responsibility for a series of attacks on companies in Israel and Gulf countries in recent weeks.

Since the beginning of the Iranian war, the group has confirmed its "full access" to security surveillance cameras in Jerusalem.

Gil Messing, head of the cyber intelligence department at Check Point, an Israeli company, stated:

"It is the most well-known group linked to the Iranian regime. We have been tracking it for years."

A report from Google indicated that the group's activity "primarily consists of hacking and leaking operations, but increasingly includes electronic defamation and tactics designed to spread fear, uncertainty, and doubt."

Subsequent Attack on "Verifone"

"Hanthal" later announced an attack on the company Verifone, which specializes in electronic payment devices and online payment transactions.

The French company confirmed to AFP that it is monitoring its operations worldwide and is aware of "threat actors" claiming to have breached its systems, but it found no evidence of an actual breach and its services were not affected.