
Iranian intel. ministry-linked group behind LA public transport cyberattack, Israeli firm finds

From Jerusalem Post · English

Summarized and contextualized by DistantNews.

At a glance

  • Iranian hackers are behind a March cyberattack that disrupted Los Angeles' transit system, according to Israeli researchers.
  • The attack involved stealing over 700 gigabytes of data and damaging systems, hindering recovery efforts.
  • Researchers linked the attack to a group known for operations attributed to Iran, providing forensic evidence to support the state connection.

An Israeli cybersecurity firm has identified an Iran-linked group as responsible for a disruptive cyberattack in March that impacted the Los Angeles County Metropolitan Transportation Authority (LACMTA). Gambit Security, a Tel Aviv-based firm, discovered over 700 gigabytes of stolen emails, backups, and other files from LACMTA inadvertently exposed online. The company's report links the server where the data was found to a hacking operation previously attributed to Tehran by Israeli officials and researchers.

LACMTA officials stated they were working with law enforcement and cyber specialists and would not speculate on attribution. The attack disrupted digital services for passengers, including arrival time displays and digital card top-ups. The transit authority claimed the service itself was not affected and said it had found no indication of harm to customer or employee data.

"Attribution is part of the investigation and we will not speculate."

- LACMTA officials, responding to questions about the cyberattack findings.

Gambit's investigation revealed the attack was not solely about data theft; the attackers also acted to destroy systems and impede recovery. This included deleting virtual machines, databases, and storage volumes and damaging backup infrastructure, indicating an attempt to delay LACMTA's return to normal operations. Digital security experts had already suspected Iranian involvement after an obscure pro-Iran group, Ababil of Minab, claimed responsibility. The group's rhetoric and methods align with those of self-styled hacker groups that researchers allege act as cut-outs for Iranian intelligence.

Eyal Sela, Gambit's director of threat intelligence, noted that a connection between Ababil and the Iranian state had been a working assumption. "What our research adds is the forensic evidence to support it," he said. The findings are particularly relevant as Los Angeles is set to co-host the FIFA 2026 World Cup, which begins on June 11.

DistantNews Editorial

Originally published by Jerusalem Post. Summarized and contextualized by our editorial team with added local perspective.