Teheran Launches Asymmetric Retaliation

The United States Faces One of the Worst Cyberattacks in Its History

The United States is assessing the consequences of a cyberattack on Stryker, a major U.S. medical company, which media outlets are calling "the largest wartime-scale cyberattack in the U.S." The company, which operates in more than 60 countries and has nearly 60,000 employees, maintains that the damage was not critical, but the pro-Iranian hacker group "Handala," which claimed responsibility for the attack, says it deleted massive amounts of data from the company's servers. The incident shows once again how broad the domains of modern armed conflict have become.

The attack on the servers of Stryker, one of the world's largest manufacturers of medical and surgical equipment, occurred last week, but its effects have still not been contained. On Sunday, the company said it is prioritizing the recovery of customer support, order processing, and delivery services, which have been paralyzed for days. The statement said that Stryker devices remain safe to use because the cyberattack affected only internal systems running on Microsoft software. However, the company admitted that it cannot say when all systems will be fully restored.

The pro-Iranian (and also pro-Palestinian) hacker group "Handala" claimed responsibility for the attack and stated on social platforms that the operation was retaliation for the U.S. missile strike on a school in southern Iran on February 28, which killed over 170 people, most of them children. The hackers said that during the intrusion they deleted over 12 terabytes of data from Stryker's servers (the figure announced initially was smaller). At an average of 1 megabyte per document, this is equivalent to about 12.288 billion documents.

The hackers claimed that they destroyed data "collected over years and protected at a cost of billions of dollars" within a few hours.

Previously, "Handala" mainly targeted Israeli institutions. The U.S. and Israeli governments say the group is closely linked to Iran's Intelligence and Security Organization. After attacking Stryker, this self-proclaimed independent organization said "this is just the beginning."

An analysis by the specialist website securitylab.ru pointed out that "Handala" follows a brutal but uncomplicated operational pattern: gaining access, quickly establishing a foothold within the network, moving through the infrastructure by hand, and launching multiple data destruction methods at once. The report noted that the data destruction phase was particularly intense, with four different data erasure techniques used simultaneously to cause maximum damage.

"This multi-method approach is not redundant. Even if one method fails to work completely or is partially intercepted, another method will continue to destroy the data," experts explained.

According to the Stryker website, the company is one of the world's largest manufacturers of implants, spinal fixation devices, surgical navigation systems, endoscopes, metal fracture fixation hardware, large joint prostheses, and surgical tools. The company operates in 61 countries, including Russia, but a Kommersant reporter was unable to reach Stryker's Moscow office on Monday through the numbers listed on the website. The company, founded in 1941 in Michigan, USA, currently has about 56,000 employees.

The Wall Street Journal called the Stryker hacking incident "the largest wartime cyberattack in U.S. history." After the incident became public, Stryker's share price fell. Given the severity of the attack, the company has filed a report with the U.S. Securities and Exchange Commission.

The History of Cyber Attacks Between the U.S. and Iran

The U.S. and Iran have a long history of mutual cyber attacks. In 2010, U.S. and Israeli intelligence agencies carried out a cyber attack on Iran's Natanz uranium enrichment facility. The sophisticated computer worm **Stuxnet** caused approximately 1,000 IR-1 centrifuges to fail: the malware drove the centrifuges to dangerous speeds while feeding operators false data indicating normal operation. The malware was the product of a secret U.S.-Israel project called "Olympic Games," aimed at disrupting, or at least delaying, Iran's nuclear program.

Stuxnet is considered the first case in history where a cyberattack caused physical damage to industrial infrastructure.

No government has officially claimed responsibility for this operation, but American researchers have disclosed it in detail.

Experts believe that Iran retaliated for this attack with a series of destructive operations against U.S. financial infrastructure. From 2012 to 2013, large-scale DDoS attacks paralyzed the websites of major U.S. banks, including Bank of America, Wells Fargo, JPMorgan Chase, PNC Bank, and US Bank. The Iranian government denied involvement, while the self-proclaimed group "Izz al-Din al-Qasim Network" claimed responsibility.

Since the mid-2010s, cyber attacks have become a routine tool in the confrontation between the two countries. In 2019, the U.S. accused the APT35 group, linked to Iran's Islamic Revolutionary Guard Corps, of attempting to hack the email accounts of Donald Trump's campaign staff and interfere with the election. In July 2021, Iran's railway system was attacked by hackers, and in October 2021 hackers brought down gas station systems nationwide. The Iranian military command blamed the U.S. and Israel for these attacks, saying their intent was to incite domestic unrest. Iran's retaliatory actions from 2021 to 2022 are believed to have targeted U.S. ports, energy, and logistics companies; Microsoft has attributed these attacks to the Iranian government-backed Mint Sandstorm group.

Kommersant previously reported that, in planning the military operation against Iran that began on February 28, the U.S. and Israel also made extensive use of intelligence obtained from earlier cyber intrusions into Iran's computer networks. For example, they compromised road surveillance cameras and intercepted communications to locate senior Iranian officials, and during the strikes on targets in downtown Tehran they used cyber attacks to cut off local mobile base stations.

The U.S. and Israeli cyber attacks on Iran, as well as the attack on Stryker, show once again that modern armed conflicts are rarely confined to the physical battlefield; they are almost always accompanied by cyber warfare with serious real-world consequences.

Original: toutiao.com/article/7618413736054800932/