IE 11 is not supported. For an optimal experience visit our site on another browser. Skip to Content Iran war Politics U.S. News World Sports Local New York Los Angeles Chicago Dallas-Fort Worth Philadelphia Washington, D.C. Boston Bay Area South Florida San Diego Connecticut Shopping Tipline Business Health Culture Science Subscribe Share & Save — Subscriber Hub Saved Newsletters Profile Subscription Preferences Search Sections U.S. News Politics World Business Sports Investigations Culture & Trends Health Science Tech Weather VIDEO Photos NBC Select NBC Asian America NBC BLK NBC Latino NBC OUT Local New York Los Angeles Chicago Dallas-Fort Worth Philadelphia Washington, D.C. Boston Bay Area South Florida San Diego Connecticut tv Today Nightly News Meet the Press Dateline Featured NBC News Now Nightly Films Stay Tuned Special Features Newsletters Podcasts Listen Now More From NBC NBC.COM NBCU Academy Peacock NEXT STEPS FOR VETS NBC News Site Map Help Follow NBC News news Alerts There are no new alerts at this time Search Facebook Twitter Email SMS Blue Sky Whatsapp Print Reddit Flipboard Pinterest Linkedin Latest Stories Iran war Politics U.S. News World Sports Shopping Tipline Business Health Culture Science Iran war Iran appears to have conducted a significant cyberattack against a U.S. company, a first since the war started The company, Stryker, said a cyberattack disrupted its “Microsoft environment.” Add NBC News to Google Iran appears to have conducted cyberattack against a U.S. company 04:42 Get more news on Share Add NBC News to Google March 11, 2026, 9:42 PM EDT By Kevin Collier Listen to this article with a free account 00:00 00:00 An Iran-linked hacker group has claimed responsibility for a cyberattack on a medical tech company in what appears to be the first significant instance of Iran’s hacking an American company since the start of the war between the countries. The company, Stryker, which is headquartered in Michigan, produces a range of medical equipment and technology. Historically, Iran has conducted some of the most infamous “wiper” cyberattacks on national enemies, aiming to simply erase all data on computers’ networks. Victims include Saudi Aramco , Saudi Arabia’s national oil company, in 2012, and the Sands Casino in 2014 . More on the war with Iran Live updates: Oil price spikes again as Iran ship attacks surge Iran’s regime shows it can still rattle the global economy amid U.S. bombardment First 6 days of Iran war cost $11.3 billion, Pentagon tells Congress Since the war started, some established hacker groups sympathetic to Iranian leadership have claimed minor attacks, but most have been relegated to briefly altering the appearance of a website, and none have appeared to have had major impact. Some tech and cybersecurity companies, including Google, and the email cybersecurity company Proofpoint have told NBC News that they have largely seen Iran’s hackers conducting espionage related to the war. But that appears to have changed Wednesday, with what appears to have been a different type of attack that also deleted information from devices. A Stryker employee, who requested to not be identified because they are not authorized to speak for the company, said that employees’ work-issued phones stopped working, grinding work and communications with colleagues to a standstill. Stryker, based in Michigan, produces a range of medical equipment and technology. Smith Collection / Gado via Getty Images file Handala Team, which cybersecurity companies say has ties to Iran's Intelligence Ministry, has claimed responsibility for the Stryker hack in statements on its Telegram and X accounts. The group routinely brags about its exploits on the social media platforms, which have in recent days taken down previous versions of their accounts. Specifics of how the hack was conducted are not clear. But public evidence of the hack points to the likelihood that hackers gained access to the company’s Microsoft Intune account, which the employee confirmed Stryker uses. From there, Handala appears to have wiped some employees’ devices back to factory settings, an expert said. “They seem to have obtained access to the Microsoft Intune management console. This is a solution for managing corporate devices,” said Rafe Pilling, the director of threat intelligence at the cybersecurity company Sophos, which has linked Handala to Iran’s inteligence operations. “One of the features is the ability to remotely wipe a device if it’s lost/stolen etc. Looks like they triggered that for some or all of the enrolled devices,” he said in a written exchange. Microsoft’s website describes the remote wipe feature as “commonly used when a device needs to be retired, repurposed, reset for troubleshooting, or securely erased if lost or stolen.” In a statement on its website Wednesday, Stryker said that the disruption was due to a cyberattack but that its own systems were not directly hacked and that ransomware — a common type of cybercrime that can also significantly disrupt companies’ networks — was not a factor. “Stryker is experiencing a global network disruption to our Microsoft environment as a result of a cyber attack. We have no indication of ransomware or malware and believe the incident is contained,” the statement said. The company did not respond to a request for further details. Microsoft did not respond to a request for comment. Share Add NBC News to Google Kevin Collier Kevin Collier is a reporter covering cybersecurity, privacy and technology policy for NBC News. About Contact Help Careers Ad Choices Privacy Policy Your Privacy Choices CA Notice Terms of Service NBC News Subscription Terms of Service NBC News Sitemap Closed Captioning Subscribe Advertise NBC Select © 2026 NBCUniversal Media, LLC