Iran's state-sponsored hacker group, known as Handala, has emerged as a key player in the country's cyber counterattacks, particularly in response to perceived threats from the US and Israel. The group's involvement in a recent breach of medical technology firm Stryker has highlighted Iran's use of "hacktivism" as a cover for its chaotic and retaliatory cyberattacks. Handala's tactics have raised concerns about the evolving nature of state-sponsored cyber threats, which often blend political activism with malicious intent1. The group's activities have significant implications for the global cybersecurity landscape, as they demonstrate Iran's willingness to use cyberattacks as a means of retaliation. As a result, organizations must be vigilant in monitoring their systems for potential breaches, particularly those in the medical technology sector. The Handala group's actions matter to cybersecurity practitioners because they signal a potential shift in the methods used by state-sponsored attackers, which could lead to downstream regulatory and supply-chain effects.