Iranian intelligence service behind hack of LA transit system, researchers say
The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday.
Iranian hackers working for the country’s intelligence service were behind the March breach of the Los Angeles County Metropolitan Transportation Authority (LACMTA), according to new research from an Israeli security firm.
The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday.
The hacking group called itself Ababil of Minab, after the city where more than 175 teachers and children were killed in an Iranian school. The group took credit for the LACMTA breach early on, saying it exfiltrated the transit system’s data and destroyed its infrastructure.
Source: https://therecord.media/iranian-intelligence-behind-hack-of-la-transit-system
Related breach coverage
- The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.2026-05-27
Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS. In late March, a group calling itself Ababil of Minab posted videos and screenshots online claiming it had broken into the Los Angeles County Metropolitan Transportation Authority, wiped hundreds of terabytes of […]
- Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware2026-06-03
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The […]
- Meet GREYVIBE, the Russia-Linked Hacking Group Using AI to Target Ukraine and Still Making Rookie Mistakes2026-05-29
GREYVIBE, a Russia-linked group active since 2025, targets Ukraine with AI-assisted malware and five attack chains. Researchers say it’s part spy op, part crime gang. Security firm WithSecure has been tracking a previously unknown Russian-linked APT group called GREYVIBE since at least August 2025. The group targets Ukraine and Ukrainian-related organizations across military, government, civilian, […]
- LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers2026-05-27
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors. The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.