US medical technology company Stryker confirmed on March 11 that a cyberattack had disrupted its global network. Employees at the company's offices found the logo of Handala, a hacking group linked to Iran, displayed on their login pages, the Wall Street Journal reported.
The attack targeted Stryker's Microsoft environment, although the full extent of the damage and a timeline for restoration remain unclear.
Handala also claimed responsibility for exploiting Microsoft's cloud management platform, Intune, to remotely wipe more than 200,000 devices in 79 countries, according to cyber intelligence platform SOCRadar.
The group said the operation was revenge for a rocket attack on a girls' school in Minab, Iran, which killed more than 160 people.
The breach is part of a broader wave of cyber operations by state-linked groups and hacker groups targeting the United States and Israel in response to Operation Epic Fury.
Which state actors are involved?
A report from cybersecurity company CloudSek said that several groups long linked to the Iranian state are operating against critical American infrastructure.
Groups backed by Iran's Islamic Revolutionary Guard Corps (IRGC), including CyberAv3ngers, APT33 and APT55, have launched attacks on US industrial control systems, the computers that run physical infrastructure such as water treatment plants, electrical grids and production lines.
CyberAv3ngers hackers are breaking into industrial machines using standard passwords and installing malicious programs that could potentially control those systems, the report found.
APT33 uses a variety of common passwords to gain access to multiple accounts at US energy companies. It then attempts to defeat security systems by installing malware on their computer systems, the report continued.
In the case of APT55, the group carried out cyber espionage against people connected to the US energy and defense sectors to gather targeting information for Iranian intelligence, CloudSek said.
Iran's Ministry of Intelligence and Security (MOIS) is also working with groups such as MuddyWater, APT34, and Handala against Israel and the United States.
MuddyWater's role has been to target telecommunications, oil and gas, and government organizations. It does this as a first-party access broker, meaning it collects passwords by logging into a network and passes them on to other attackers.
Handala has claimed other attacks besides Stryker, such as the deletion of more than 40 terabytes (TB) of data from servers at the Hebrew University of Jerusalem and a breach in Israel of Verifone, an American telecommunications company, according to SOCRadar.
However, US media reports that Verifone denied the breach, claiming there was no evidence of any compromise or disruption of service.
The United States and Israel are also carrying out cyberattacks.
General Dan Caine, America's highest-ranking military officer, said in a statement on March 2 that US Cyber Command was one of the "first movers" in Operation Epic Fury.
The division disrupted communication and sensor networks, which left Iran "without the ability to see, coordinate or respond effectively," he said.
Caine did not provide any additional information regarding US cyber operations in Iran.
A separate statement on March 13 by Pete Hegseth, the US Secretary of Defense, confirmed that the US is using artificial intelligence (AI) and cyber tools as part of its war on Iran.
According to the Financial Times, Israeli spies also reportedly used information from hacked traffic cameras across Tehran to aid in their plans to overthrow Ayatollah Ali Khamenei.
