The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.
Iran’s “hacktivist” group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran’s intelligence service MOIS. In late March, a group calling itself Ababil of Minab posted videos and screenshots online claiming it had broken into the Los Angeles County Metropolitan Transportation Authority, wiped hundreds of terabytes of […]
In late March, a group calling itself Ababil of Minab posted videos and screenshots online claiming it had broken into the Los Angeles County Metropolitan Transportation Authority, wiped hundreds of terabytes of data, and stolen more than a terabyte of files. It framed itself as a pro-Iran hacktivist collective. Researchers at Israeli firm Gambit Security took one look at the infrastructure and didn’t buy it.
LA Metro confirmed the breach on April 2, 2026. The attack forced the authority to check hundreds of servers for signs of compromise before bringing them back online. Rail and bus services kept running, but internal operations were disrupted for weeks. The timing of the intrusion is visible in the attacker’s own footage: at 03:37 AM on March 17, LA Metro posted on X that service alerts were delayed and riders couldn’t load fares on the TAP Mobile App. That tweet went up hours after the attacker had already deleted virtual machines from LA Metro’s vCenter environment. The destruction wasn’t random clicking.
Related breach coverage
- Iranian intelligence service behind hack of LA transit system, researchers say2026-05-27
The hacking group claimed to be a standalone hacktivist crew but actually has ties to the Ministry of Intelligence of the Islamic Republic of Iran (MOIS), researchers at Gambit Security said in a report published Tuesday.
- LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers2026-05-27
The attack was claimed by a hacktivist group, but evidence showed it used infrastructure linked to Iranian government threat actors. The post LA Metro Cyberattack Linked to Iranian State-Sponsored Hackers appeared first on SecurityWeek.
- Russia’s FSB Says Foreign Spies Infected Officials’ Phones With Malware2026-06-03
Russia’s FSB claims foreign intelligence planted malware on senior officials’ phones to intercept calls and activate cameras. No technical evidence, no country named. On June 2, 2026, Russia’s Federal Security Service (FSB) published a statement claiming it had uncovered and documented a large-scale foreign intelligence operation targeting the mobile devices of senior Russian officials. The […]
- Botnet of 17 Million Devices Dismantled in the Netherlands2026-05-30
Dutch authorities seized 200 servers running a 17-million-device botnet linked to proxy service Asocks. Dutch authorities have taken offline a massive botnet of at least 17 million devices and seized more than 200 servers at a local provider that supported the operation. Infected devices included computers, tablets, and smartphones. The action was carried out following […]