
Iran's cyberattack against med tech firm is 'just the beginning'

(2026/03/18)


Businesses should expect that Iran will conduct more aggressive cyber-ops as the war escalates, according to security analysts.

"Cyber and terrorism are the two levers that I believe Iran will pull now that their navy is decimated," retired US Army Lt. Gen. Ross Coffman told The Register. "What we saw against Stryker - it's just the beginning."

Stryker is a medical technology outfit that was last week hit by a cyber crew with [1]ties to Iran's intelligence agency, causing a [2]global network outage at the company. The attack represented the first destructive cyberattack to hit a US-based company during the Iran war. A week after the attack, Stryker's ordering and shipping [3]systems remain offline.

Iran sends 'a very clear signal'

"The Stryker hack marks the first time that Iran executed a successful full-blown disruptive attack against a major US corporation, especially against a company that plays a critical role in the healthcare supply chain," Sergey Shykevich, threat intelligence group manager at Tel Aviv-based Check Point Research, told The Register. "It's a very clear signal that Iran sends about its capabilities, but even more about its intentions and courage to execute such operations."

Iran is a less [4]predictable cyber-adversary than nations like China and Russia. It has been conducting [5]cyber-espionage, [6]phishing, and [7]disinformation campaigns for more than 15 years. It's also adept at [8]hack-and-leak operations and [9]nuisance-level denial-of-service attacks. The nation's offensive cyber teams have also developed custom malware that can [10]remotely control water and fuel management systems.

But most of their cyberattacks to date have been opportunistic - such as those in 2023 that [12]used default passwords to break into internet-accessible programmable logic controllers used in multiple US water systems.

Even with the Stryker cyberattack, Iran "had every capability to be more sophisticated, and they did not," said Tal Kollender, a former Israel Defense Forces cyber specialist who cofounded and leads a security company called Remedio.

Another threat analyst, who asked to remain anonymous because of safety concerns, told The Register, "Iran has been using cyber aggressively for quite a while – particularly in Israel – and so there's no secret weapon that they've been holding back."

The bigger concern is that Iran is going to hit more targets

"We're not suddenly going to see some new level of aggression, because they've essentially been demonstrating their capability for quite a while, so we can really expect to see more of the same," the analyst continued. "The bigger concern is just that Iran is going to hit more targets" beyond Israel, expanding to the Gulf states, the US, and any other allied countries.

"[Iranian] actors are generally looking for targets of opportunity," they said. "They now are going to have a greater field of opportunities."

While US government agencies remain the top targets for Iran's cyber weapons, all of the security professionals we interviewed told us that American businesses are more at risk.

"The NSA is really, really good at defensive operations, and so I don't see...the attacks going against government assets, I see them going after civilian assets," said Coffman, who served more than 35 years in the US Army and is now president of Forward Edge-AI, which provides AI and cybersecurity services to US government, defense, and critical infrastructure sectors.

"As [Iran] looks at this warfare, they are really focused on the global economy," Coffman said. "We can remove their navy. We can remove their air power. We can attack them across all instruments of power, diplomatic, information, military, and economic. And they'll still have the ability to hack."

Plausible deniability

Iran historically [16]used hacktivists or even [17]cybercriminals as proxies for government-sponsored attacks. This was the case in 2023, when CyberAv3ngers, an Islamic Revolutionary Guard Corps (IRGC)-affiliated group, broke into multiple US water facilities.

Security researchers at Symantec and Carbon Black told The Register earlier this month that MuddyWater, an Iranian cyber crew believed to be part of the Iranian Ministry of Intelligence and Security (MOIS), has been [18]burrowed deep into multiple US companies' networks – targeting a bank, a software firm, and an airport – since the beginning of February, with more activity in the days following the US and Israeli military strikes.

[19]Iran-linked cyber crew says they hit US med-tech firm

[20]Iran intelligence backdoored US bank, airport, software outfit networks

[21]'Hundreds' of Iranian hacking attempts have hit surveillance cameras since the missile strikes

[22]Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

Another MOIS-linked crew, Handala, claimed to be behind the Stryker hack.

"This isn't necessarily new, but it is noteworthy, as it gives the government a layer of protection through deniability and helps establish a narrative that others outside the government support its actions," Forrester analyst Allie Mellen, author of the book Code War: How Nations Hack, Spy, and Shape the Digital Battlefield, told The Register.

While the hacktivist playbook isn't new, "their ability to quickly and effectively scale during a near-total domestic internet blackout is," Qrypt CTO Denis Mandich said. Before co-founding the quantum-secure encryption company, Mandich spent two decades in the US intelligence community.

"Iran and its proxies are far more likely to inflict economic pain than to risk cleaner state-on-state exchanges," he added. "Their pre-positioned access will lead to more disruption and data destruction for a cheap, scalable way to have a disproportionate impact."




[1] https://www.theregister.com/2026/03/10/cybercrime_iran_mois/

[2] https://www.theregister.com/2026/03/11/us_medtech_firm_stryker_cyberattack_iran/

[3] https://www.stryker.com/us/en/about/news/2026/a-message-to-our-customers-03-2026.html

[4] https://www.theregister.com/2024/05/10/iran_intel_analysis/

[5] https://www.theregister.com/2025/10/24/iran_muddywater_campaign/

[6] https://www.theregister.com/2025/07/19/idf_cyber_chief_iran/

[7] https://www.theregister.com/2025/06/23/iran_cyberattacks_against_us/

[8] https://www.theregister.com/2024/09/27/us_charges_iran_trump_campaign_hack/

[9] https://www.theregister.com/2026/03/02/cyber_warfighters_iran/

[10] https://www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/

[12] https://www.theregister.com/2023/12/04/iran_terrorist_us_water_attacks/

[16] https://www.theregister.com/2025/04/13/hacktivism_is_having_a_resurgence/

[17] https://www.theregister.com/2025/02/12/ransomware_nation_state_groups/

[18] https://www.theregister.com/2026/03/05/mudywater_backdoor_us_networks/

[19] https://www.theregister.com/2026/03/11/us_medtech_firm_stryker_cyberattack_iran/

[20] https://www.theregister.com/2026/03/05/mudywater_backdoor_us_networks/

[21] https://www.theregister.com/2026/03/04/iranian_hacking_attempts_ip_cameras/

[22] https://www.theregister.com/2024/12/13/iran_cyberweapon_us_attacks/



Forgive me if I'm not convinced about US telling the world they've won and Iran is decimated

Dan 55

Week 1: We've won. We would like you to join us.

Week 2: We've nearly won. We didn't need you to join us anyway.

Week 3: Iran has no navy or air power. By the way, NATO countries, please help us in contravention of [1]Articles 5 and 6.

[1] https://www.nato.int/en/about-us/official-texts-and-resources/official-texts/1949/04/04/the-north-atlantic-treaty

Re: Forgive me if I'm not convinced about US telling the world they've won and Iran is decimated

Ken G

25 June 2025 [1][2]

[3]Iran’s Nuclear Facilities Have Been Obliterated — and Suggestions Otherwise are Fake News.

4 March 2026

[4]But if we didn't do what we're doing right now, you would have had a nuclear war, and they would have taken out many countries.

[1] https://www.whitehouse.gov/articles/2025/06/irans-nuclear-facilities-have-been-obliterated-and-suggestions-otherwise-are-fake-news/

[2] https://www.whitehouse.gov/articles/2025/06/irans-nuclear-facilities-have-been-obliterated-and-suggestions-otherwise-are-fake-news/

[3] https://www.whitehouse.gov/articles/2025/06/irans-nuclear-facilities-have-been-obliterated-and-suggestions-otherwise-are-fake-news/

[4] https://www.npr.org/2026/03/04/nx-s1-5734331/trump-claims-there-would-have-been-a-nuclear-war-if-u-s-didnt-strike-iran-first/

Re: Forgive me if I'm not convinced about US telling the world they've won and Iran is decimated

IGotOut

You forgot

Week 0: We are going to piss off EVERY SINGLE ONE of our allies, by imposing tariffs, threatening to invade their countries and doing our best to undermine their sovereignty.

Sadly this was needed

harrys

Why, because necessity will dictate that in the security versus cost equation, only now will the former start winning by default

Another probable consequence, next gen overlay VPNs fully transparent to the end user, baked into the OS's network stack, will start decentralizing the gubbins of the internet into distinct geographical/political/corporate areas, especially as the percentage of global trade decreases over time between said areas ... (aka decentralized "firewalls")

What's probably surprising is that it's taken so long to mature, or putting it another way finally out of the hands of emotionally challenged monied geeks on the "spectrum"
