Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict | CyberScoop<\/title> <meta name=\"description\" content=\"The Iranian-linked hacking group Handala has claimed credit for a major cyberattack on medical device giant Stryker, signaling a potential escalation in Tehran\u2019s digital operations during the current U.S.-Israel conflict. Experts weigh in on whether the disruptive breach was a calculated strike or a "happy accident."\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/stryker-cyberattack-iranian-hackers-handala\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict\"> <meta property=\"og:description\" content=\"The Iranian-linked hacking group Handala has claimed credit for a major cyberattack on medical device giant Stryker, signaling a potential escalation in Tehran\u2019s digital operations during the current U.S.-Israel conflict. Experts weigh in on whether the disruptive breach was a calculated strike or a "happy accident."\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/stryker-cyberattack-iranian-hackers-handala\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-03-12T21:10:57+00:00\"> <meta property=\"article:modified_time\" content=\"2026-03-12T21:10:58+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg\"> <meta property=\"og:image:width\" content=\"5000\"> <meta property=\"og:image:height\" content=\"3750\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Tim Starks\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@timstarks\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1773246214g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1773167249g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1773271249g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/88214\"><meta name=\"generator\" content=\"WordPress 6.8.5\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=88214\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fstryker-cyberattack-iranian-hackers-handala%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fstryker-cyberattack-iranian-hackers-handala%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-88214 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/stryker-cyberattack-iranian-hackers-handala\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"24.578804347826\">\n<div class=\"single-article__header-content\" readability=\"31.344936708861\">\n<p> It\u2019s been difficult early on to separate signal from noise, even if the attack on the medical device maker looks like a qualified success for the attackers. <\/p>\n<p>   <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"480\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict.jpg?resize=640%2C480&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg 5000w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=300,225 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=768,576 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=1024,768 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=1536,1152 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=2048,1536 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=600,450 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=224,168 224w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=449,337 449w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=900,675 900w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-2.jpg?resize=1124,843 1124w\" sizes=\"(max-width: 900px) 100vw, 900px\"><figcaption> A Stryker logo on a healthcare lamp. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"89.888142041852\"><body readability=\"184.66886109282\"><\/p>\n<p>A cyberattack that an Iranian hacking group said <a href=\"https:\/\/krebsonsecurity.com\/2026\/03\/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker\/\">it carried out<\/a> against medical device manufacturer Stryker might mark Tehran\u2019s first significant cyber action since the start of the joint U.S.-Israel conflict.<\/p>\n<p>But even that may have been a happy accident for Iranian hackers in what has been a low buzz of activity during that timeframe, with the attackers striking paydirt by happenstance rather than on purpose.<\/p>\n<p>Cybersecurity firms, threat intelligence trackers and critical infrastructure owners have been fighting to separate the noise about proclaimed attacks out of Iran, and the warnings and threats related to the conflict, from what is actually happening and poses any significant danger.<\/p>\n<p>\u201cEverybody is scrambling right now,\u201d said Alex Orleans, a long-time Iran threat analyst and head of threat intelligence at Sublime Security. Others said the nascent nature of the conflict is making assessments difficult.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cWhat we see is quite difficult to quantify or characterize about whether there\u2019s been an increase or decrease,\u201d said Saher Naumaan, senior threat researcher at Proofpoint. \u201cI think since we\u2019re only a couple weeks into the conflict, and the regular cadence of Iranian actors isn\u2019t very consistent, necessarily, we don\u2019t have enough data points or enough time to really judge.\u201d<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-signs-of-activity\">Signs of activity<\/h4>\n<p>In the early days of the conflict, there were indications that <a href=\"https:\/\/www.politico.com\/news\/2026\/03\/04\/israel-iran-cyber-headquarters-00813364\">physical attacks<\/a> on Iran might have hampered Iranian retaliatory efforts or other cyber activity, as those who would carry out cyberattacks were probably \u201chiding in bunkers,\u201d Orleans said, and as Iran suffered <a href=\"https:\/\/techcrunch.com\/2026\/03\/02\/hackers-and-internet-outages-hit-iran-amid-u-s-air-strikes\/\">internet outages<\/a>.<\/p>\n<p>In recent days, however, the Stryker attack and other indicators suggest that Iranian cyber activity could be heating up.<\/p>\n<p>\u201cFor several days following the outbreak of the conflict, there was a noted decrease in cyber threat activity emanating from Iran,\u201d a group of industry information and sharing analysis centers <a href=\"https:\/\/gate15.global\/joint-advisory-middle-east-conflict-and-critical-infrastructure\/\">warned Wednesday<\/a>. \u201cHowever, there are signs of life in Iranian offensive cyber operations.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The Stryker attack stands out for both the size and location of the target, a Michigan-based medical device manufacturer with more than $25 billion in revenue in 2025.<\/p>\n<p>But both Orleans and Sergey Shykevich, threat intelligence group manager at Check Point Research, said the attack has the hallmarks of an opportunistic one rather than a deliberate, focused one. The group claiming credit for the attack, Handala \u2014 a Ministry of Intelligence-linked outfit \u2014 is known more for seizing advantage of weaknesses they happen upon rather than <a href=\"https:\/\/www.wired.com\/story\/handala-hacker-group-iran-us-israel-war\/\">doggedly pursuing particular targets<\/a>.<\/p>\n<p>Notably, Stryker is also the class of a military vehicle used by U.S. forces. That military connection, even if confused with the medical device manufacturer, could possibly explain why the company was a target.<\/p>\n<p>Still, \u201cit was a much higher-profile attack than we expected from Handala,\u201d Shykevich said. \u201cUnfortunately, it\u2019s possible to define it as a relatively big success for them.\u201d<\/p>\n<p>There have been reports of other cyber activity that might be connected to the conflict. <a href=\"https:\/\/therecord.media\/iran-linked-hackers-claim-cyberattack-albania-parliament\">Albania said<\/a> the email system of its parliament had been targeted, with Iranian hackers taking credit. There was the <a href=\"https:\/\/research.checkpoint.com\/2026\/interplay-between-iranian-targeting-of-ip-cameras-and-physical-warfare-in-the-middle-east\/\">targeting of cameras<\/a> from Iran-linked infrastructure in countries that Iran then launched missiles into. Poland said it was <a href=\"https:\/\/www.politico.eu\/article\/poland-investigates-iran-links-as-hackers-target-nuclear-facility\/\">looking into<\/a> whether Iran was behind an attempted cyberattack on a nuclear research facility.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Some of the claims don\u2019t match reality. \u201cThere are many hacktivist groups that are very active in Telegram, but actually they don\u2019t have any significant successes,\u201d Shykevich said.<\/p>\n<p>There are other cyber-related developments in the conflict, too, <a href=\"https:\/\/www.proofpoint.com\/us\/blog\/threat-insight\/iran-conflict-drives-heightened-espionage-activity-against-middle-east-targets\">like espionage<\/a>, the proliferation of <a href=\"https:\/\/www.wired.com\/story\/fake-ai-content-about-the-iran-war-is-all-over-x\/\">artificial intelligence-fueled misinformation<\/a> and the possibility of Russia or China <a href=\"https:\/\/www.nextgov.com\/cybersecurity\/2026\/03\/russia-linked-hackers-appear-iran-wars-cyber-front-their-impact-murky\/412011\/\">helping out<\/a> in cyberspace on Iran\u2019s behalf, even if some experts doubt the likelihood of the latter.<\/p>\n<p>How effective any of it has been is still unclear. Stryker, for instance, <a href=\"https:\/\/www.stryker.com\/us\/en\/about\/news\/2026\/a-message-to-our-customers-03-2026.html\">said the attack<\/a> mainly affected its internal networks, although <a href=\"https:\/\/www.cnn.com\/2026\/03\/11\/politics\/pro-iran-hackers-cyberattack-medical-device-maker\">there were signs<\/a> it might be affecting communications at hospitals, too.<\/p>\n<p>But the damage might be beside the point. Orleans said the attacks could be psychological in nature, aimed at producing fear abroad and affirming hackers\u2019 standing with domestic leaders in Iran during the conflict.<\/p>\n<p>Even low-level defacement or distributed denial-of-service attacks can play a role.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cComing into work and finding an Iranian flag on your workstation would be a little bit disconcerting, because they\u2019re letting you know that, \u2018I can reach out and touch you,\u2019\u201d said Sarah Cleveland, senior director of federal strategy at ExtraHop and a former cyber officer in the U.S. Air Force.<\/p>\n<h4 class=\"wp-block-heading\" id=\"h-possible-follow-up-impacts\">Possible follow-up impacts<\/h4>\n<p>While primarily known as a medical supply company, Stryker has received <a href=\"https:\/\/www.usaspending.gov\/recipient\/26aa8e97-43ed-6854-a2a4-69cd900d6869-P\/latest\">sizable contracts<\/a> with the military for hospital equipment and surgical supplies, for example. It is unclear whether the hackers intended to use Stryker\u2019s military connection to exploit government systems.<\/p>\n<p>The Pentagon has <a href=\"https:\/\/dodcio.defense.gov\/cmmc\/About\/#:~:text=Cybersecurity%20is%20a%20top%20priority,controlled%20unclassified%20information%20(CUI).\">long warned<\/a> of increased, complex cyberattacks against the defense industrial base, a vast network of companies \u2014 with disparate levels of cybersecurity \u2014 that the military relies on for advanced weaponry to basic stretchers. The DIB is often<a href=\"https:\/\/media.defense.gov\/2024\/Mar\/28\/2003424523\/-1\/-1\/1\/DOD_DOB_CS_STRATEGY_DSD_SIGNED_20240325.PDF\"> seen by adversaries<\/a> as a backdoor into military systems.<\/p>\n<p>While he did not directly address the Stryker hack, the Army\u2019s principal cyber adviser, Brandon Pugh, outlined some of the challenges to the DIB and the service\u2019s part in trying to protect it during a webinar Thursday in response to a question on the topic.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>He said adversaries \u201cright or wrong\u201d see companies \u201cas an extension of the military\u201d and that they believe an attack on private industry would have a secondary impact on the armed forces.<\/p>\n<p>\u201cSome are very large, sophisticated multinational companies,\u201d he said, noting that security needs across the DIB aren\u2019t universal. \u201cOthers are very small companies that are lucky to have a director of IT, let alone a sophisticated cyber team, and I think that\u2019s where it\u2019s really important to lean into.\u201d<\/p>\n<p>Pugh said that agencies across the federal government have been working with the DIB to boost its resilience to attacks, and that the Army\u2019s cyber effort emphasizes entrenching cybersecurity from the beginning of the acquisition process.<\/p>\n<p>\u201cCyber can\u2019t be an afterthought \u2014 not saying it is,\u201d Pugh added. \u201cI\u2019d say the Army does a great job here, but making sure it\u2019s never forgotten and is always considered along that way.\u201d<\/p>\n<p>Matt Tait, the CEO and president of MANTECH, said in response to a question about the Stryker attack and DIB protections that defending against such incidents includes leveraging government agreements and access, such as with the NSA, and quickly sharing information following an attack.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cTo me, it\u2019s about real time information sharing,\u201d he said. \u201cYou need real time information sharing when you\u2019re getting attacked to be able to actually share that information with the rest of industry, as well as with government, because they can actually share that information across\u201d federal cybersecurity entities.<\/p>\n<p>\u201cIf you want to do mission focused technology work, this is the world you have to live in, and that you should be sharing this information on a real time basis,\u201d he added. \u201c24 hours later, 48 hours later, I call that ambulance chasing. That\u2019s too far after the fact from a cyber perspective.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.26643598615917\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by Tim Starks and Drew F. Lawrence<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"23.02580195258\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-12-day-conflict-hacktivism-securityscorecard\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"472\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-1.jpg?resize=472%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=300,214 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=768,548 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=1024,731 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=1536,1097 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=600,428 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=235,168 235w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=472,337 472w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=945,675 945w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/03\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict-3.jpg?resize=1181,843 1181w\" sizes=\"auto, (max-width: 472px) 100vw, 472px\"> <\/a><figcaption class=\"screen-reader-text\"> Smoke rises as Israel targets the notorious Evin Prison in north of Tehran, Iran, on June 23, 2025. Evin prison has been known as the place where Iran imprisons mostly political activists, dissidents and journalists. Media reports say that administrative building and the hospital of Evin prison have been damaged, and a number of families of inmates and prison staff have been killed and wounded. (Photo by Nikan \/ Middle East Images via AFP) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"1.967032967033\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/iranian-hackers-12-day-conflict-hacktivism-securityscorecard\/\"> Iranian hackers were more coordinated, aligned during Israel conflict than it seemed <\/a> <\/h3>\n<p> SecurityScorecard and the Middle East Institute said in separate reports this week that Iranian hacker operations during the 12-day conflict exhibited clear strategic intent. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/stryker-cyberattack-iranian-hackers-handala\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Stryker attack highlights nebulous nature of Iranian cyber activity amid<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[6189,2100,6190,4497,2655,271,6191,1351,624,302,6192,2101,513,514,6193,1020,1703,2048,4274,270,6194,6195,288],"tags":[6196,2108,6197,4501,2656,277,6198,1353,629,306,6199,2109,517,518,6200,1023,1707,2053,4277,276,6201,6202,294],"class_list":["post-8427","post","type-post","status-publish","format-standard","hentry","category-albania","category-army","category-brandon-pugh","category-cameras","category-check-point","category-china","category-defense-industrial-base","category-department-of-defense-dod","category-espionage","category-geopolitics","category-handala","category-hospitals","category-iran","category-israel","category-mantech","category-medical-devices","category-misinformation","category-poland","category-proofpoint","category-russia","category-stryker","category-sublime-security","category-threats","tag-albania","tag-army","tag-brandon-pugh","tag-cameras","tag-check-point","tag-china","tag-defense-industrial-base","tag-department-of-defense-dod","tag-espionage","tag-geopolitics","tag-handala","tag-hospitals","tag-iran","tag-israel","tag-mantech","tag-medical-devices","tag-misinformation","tag-poland","tag-proofpoint","tag-russia","tag-stryker","tag-sublime-security","tag-threats"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/albania\/\" rel=\"category tag\">Albania<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/army\/\" rel=\"category tag\">Army<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/brandon-pugh\/\" rel=\"category tag\">Brandon Pugh<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cameras\/\" rel=\"category tag\">cameras<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/check-point\/\" rel=\"category tag\">Check Point<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/china\/\" rel=\"category tag\">China<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/defense-industrial-base\/\" rel=\"category tag\">defense industrial base<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-defense-dod\/\" rel=\"category tag\">Department of Defense (DOD)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/espionage\/\" rel=\"category tag\">espionage<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/geopolitics\/\" rel=\"category tag\">Geopolitics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/handala\/\" rel=\"category tag\">Handala<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hospitals\/\" rel=\"category tag\">hospitals<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/iran\/\" rel=\"category tag\">Iran<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/israel\/\" rel=\"category tag\">Israel<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/mantech\/\" rel=\"category tag\">ManTech<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/medical-devices\/\" rel=\"category tag\">Medical devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/misinformation\/\" rel=\"category tag\">misinformation<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/poland\/\" rel=\"category tag\">Poland<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/proofpoint\/\" rel=\"category tag\">Proofpoint<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/russia\/\" rel=\"category tag\">Russia<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/stryker\/\" rel=\"category tag\">Stryker<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/sublime-security\/\" rel=\"category tag\">Sublime Security<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a>","tag_info":"Threats","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8427","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8427"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8427\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8427"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8427"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8427"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8427,"date":"2026-03-12T16:10:57","date_gmt":"2026-03-12T21:10:57","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=88214"},"modified":"2026-03-12T16:10:57","modified_gmt":"2026-03-12T21:10:57","slug":"stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/03\/12\/stryker-attack-highlights-nebulous-nature-of-iranian-cyber-activity-amid-joint-u-s-israel-conflict\/","title":{"rendered":"Stryker attack highlights nebulous nature of Iranian cyber activity amid joint U.S.-Israel conflict"},"content":{"rendered":"