Iranian hackers responsible for Los Angeles transit system breach, Israeli researchers say

Israeli researchers at Gambit Security identified Iranian hackers as responsible for a March cyber breach that forced Los Angeles’ transit system to shut down portions of its network. The hackers stole at least 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority (LACMTA), with digital evidence linking the attack to a previously known Iranian state-backed operation. The intrusion was detected around March 16, with Ababil of Minab, a pro-Iran hacker group, later claiming responsibility. The group published a video allegedly showing their access to the transit system’s network, though officials confirmed no disruptions to train or bus services. Local media reported disabled arrival screens and issues with transit card payments. Gambit Security traced the stolen data to a server connected to prior Iranian-linked hacking activities, including attacks on South Florida’s Tri-Rail commuter system, vehicle tracking firm Vyncs, and Saudi infrastructure company Unimac. The group has also targeted an Israeli media organization, an educational institution in Israel, and an insurance brokerage in Turkey, according to the firm’s analysis. The FBI acknowledged awareness of the LACMTA incident and confirmed coordination with partners, while LACMTA officials declined to speculate on attribution. Iran’s UN mission and Israel’s National Cyber Directorate did not respond to requests for comment. Ababil, which references a 1980s bombing in Iran, remains unconfirmed as a state actor but aligns with patterns of Iranian cyber operations.