Hospitals across the nation are on alert after an Iranian cyber militia with reported links to the Islamic Republic hacked a US multinational that supplies critical equipment to Australia.
Shortly after midnight on Thursday, hackers from the Handala group announced they had attacked Stryker, a Fortune 500 company known for its medical and surgical equipment.
The Handala group is believed to be affiliated with Iran’s Ministry of Intelligence and Cyber Security and said the cyber attack was retaliation for a US Tomahawk missile strike at the Shajereh Tayyebeh Elementary School in the southern city of Minab, reportedly killing 165, most of them children.
Women grieve at a funeral for school strike victims, who were mostly girls aged seven to 12. (Reuters: WANA/Amirhossein Khorgooei/ISNA)
Health officials in Victoria and New South Wales have told the ABC that there has been no disruption so far, but security experts fear the attack is only the first in a wave of cyber aggression against American companies that have a strong retail presence in Australia.
There are now concerns that, as the war drags on, further cyber attacks on United States companies could also impact Australia sectors like energy, banking and finance because of the strong links between the countries.
In a statement posted on X, Handala called Stryker a “Zionist-rooted corporation” and claimed it had wiped 200,000 systems, servers and devices, and stolen 50 terabytes of critical data.
This week, an internal US military investigation determined the United States was likely responsible for the strike, and may have targeted the school in error, according to US media reports.
Iran war live updates: For the latest news on the Middle East crisis, read our blog.
Stryker is currently part way through a $450 million dollar contract to supply medical equipment to the US military and in 2019 acquired Orthospace, an Israeli medical technology company.
This morning, the company’s chief executive, Kevin Lobo, wrote to his 53,000 employees and said the company’s products and customers were safe.
Mr Lobo said the company’s internal protocols had been activated to protect staff, customers and patients.
“We have now fully contained the attack and are in the restoration phase,” he said.
“Our teams are working closely with customers, government partners and third-party experts to maintain business continuity.
“We believe this attack did not involve ransomware or malware, meaning there is no risk of system contamination. The impact of the event was limited to our internal Microsoft environment.”
Security experts have told the ABC that the hackers managed to get administrative access to Microsoft Intune — a cloud-based device management platform commonly used in corporate Australia — and used it to remotely wipe associated devices around the world.
Matt O’Kane from Sydney cybersecurity consulting firm Notion Digital Forensics said the group managed to erase some but not all devices.
Experts say there are potential supply chain risks for Australian hospitals. (ABC News: Damian Mcintyre)
“The potential risk for Australian hospitals is supply chain,” Mr O’Kane said.
“If the outage is prolonged, hospitals sourcing surgical equipment, implants, and consumables from Stryker could face shortages.”
Iran has a history of using cyber warfare to retaliate against political enemies, according to the Halcyon Ransomware Research Centre.
The US-based centre said in the past, Iran had mostly used direct denial of service attacks, which crash networks, along with ransomware, to wreak havoc.
Justin Henderson, a senior offensive security consultant at CDW, a Fortune 500 IT company, and former specialist in the US Marine Corps Special Operations Command, told the ABC the attack was a significant but calculated escalation for the Handala syndicate.
“It’s really new territory here because they’ve really never carried out an attack anywhere of this size and of this magnitude and seriousness,” Mr Henderson said.
Mr Henderson told the ABC that Handala first emerged in 2023 and was one of several decentralised cyber militias that Iran used to maintain “plausible deniability”.
“These entities, in some cases, operate and execute on their own, in alignment with what the regime has typically wanted them to do,” he said.
“Who knows the type of attack they’re willing to go out and do and perhaps it’s a risk that Iran is not willing to take, but maybe they are and we really don’t know who’s calling the shots right now.”
He said the attacks would likely continue against American and Israeli targets and that Australia was at risk of being collateral damage because of globally tied systems, companies and organisations.
“They’re playing a pretty calculated game right now, not really wanting to increase the aperture outside the US and Israel too far at the moment, but we could see it, especially if our allies start to really participate or send supplies and funding and things like that to help in the war,” he said.
“This is just the first significant attack, so two weeks into this. It wouldn’t surprise me if we continue to see similar instances.”
Anthony Albanese, Penny Wong and Richard Marles have spoken about providing military assistance. (ABC News: Matt Roberts)
Earlier this week, Prime Minister Anthony Albanese announced Australia would deploy E-7A Wedgetail aircraft to the United Arab Emirates to protect and defend the region, along with 85 personnel.
Chris McNaughton, a former Victoria Police electronic crimes detective who now runs security consultancy SECMON1, urged Australians to monitor systems or devices with strong links to the United States as the war continues to rage.
Mr McNaughton said he had seen cases where criminal groups infiltrated systems up to 12 months before launching an attack.
“The groups who are behind these attacks are very sophisticated, are very clever and they’re very patient, and so they will very quietly compromise these types of systems and they’ll sit and wait,” he said.
“They’re there to use these attacks to make a point and their point is we can do what we want to you, at any time we want.
“It’s like stopping oil going through the Strait of Hormuz; it has a very, very significant impact.”