Iranian Hackers Behind March Cyberattack on LA Transit System

In March, a cyberattack attributed to Iranian hackers disrupted the Los Angeles transit system. Researchers from Gambit Security, a cybersecurity firm based in Tel Aviv, identified the breach. The hackers accessed at least 700 gigabytes of data from the Los Angeles County Metropolitan Transportation Authority (LACMTA), including emails and backups. They discovered this data had been unintentionally exposed online.

This breach was linked to a previously known hacking group connected to Tehran. Israel’s National Cyber Directorate and Iran’s UN mission have not responded to inquiries. The Los Angeles transit authority also did not comment on the findings. It said it is collaborating with law enforcement and cyber experts to restore its systems, and its statement emphasized that it would not speculate during the investigation.

The breach by an obscure pro-Iran group called Ababil of Minab attracted attention from digital security experts. The group’s rhetoric aligned with similar vigilante hacker organizations believed to be fronts for Iranian intelligence. Eyal Sela, director of threat intelligence at Gambit Security, noted evidence supporting the connection between Ababil and the Iranian state.

Gambit Security, with ties to Israeli military intelligence, has informed authorities about their findings. Ababil did not reply to queries sent through their website form. The FBI acknowledged the incident, stating coordination with partners but declining further comments. The Cybersecurity and Infrastructure Security Agency did not respond to communications either.

The intrusion at LACMTA was identified on March 16. About two weeks later, Ababil claimed the attack involved massive data destruction. The group released a video purportedly showing their actions within the transit system’s network. Despite these claims, transit services continued, though some arrival displays malfunctioned and customers faced payment issues for transit cards.

Ababil has also claimed responsibility for hacking South Florida’s Tri-Rail system, vehicle tracking company Vyncs, and Saudi infrastructure firm Unimac. Tri-Rail confirmed a hack but noted the data affected wasn’t critical. Vyncs’ owner Agnik confirmed a breach on April 2, mentioning FBI involvement without detailing the data compromised. Unimac did not respond to comment requests.

According to Gambit Security, the group has targeted other organizations that remained unnamed. These include entities in Israel and Turkey, as per their analysis. However, further identification details were not disclosed by Sela.

Since late February, Iranian hackers reportedly increased digital activities against the US and Israel. Their targets included the medical device company Stryker and personal emails of FBI Director Kash Patel. They are also suspected of manipulating fuel gauges at gas stations, as reported by CNN.
