Skip to content
Tech News
← Back to articles

Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover

2026-05-26 | original
read original get Cybersecurity USB Data Block → more articles
Why This Matters

The breach of the Los Angeles transit system by Iranian-backed hackers highlights the increasing cyber threats from nation-state actors targeting critical infrastructure. This incident underscores the importance for transit agencies and other infrastructure sectors to bolster cybersecurity defenses against sophisticated, politically motivated attacks. For consumers, it emphasizes the need for heightened awareness and resilience in the face of evolving cyber threats to public services.

Key Takeaways

In Brief

Security researchers say a March breach of the Los Angeles transit system (LACMTA) was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers work for Iran’s Ministry of Intelligence and State Security (MOIS).

Reuters first wrote about the Gambit report.

A hacktivist group calling itself Ababil of Minab claimed responsibility for the earlier hack, saying they stole then deleted data from the LACMTA’s systems. The group’s name is a reference to the U.S. air strike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.

“They are not a new, standalone hacktivist crew as they claim,” said Gambit.

Ababil of Minab did not respond to a request for comment when contacted by TechCrunch.

Gambit said its claims are based on forensic evidence that ties the group to a previous Iran-linked campaign, as well as activity attributed to the MOIS by Israel National Cyber Directorate. Gambit said it investigated other attacks against companies in Israel, Saudi Arabia, and Turkey.

Contact Us Do you have more information about Ababil of Minab or other Iran-linked hackers and their cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or . Do you have more information about Ababil of Minab or other Iran-linked hackers and their cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email

If Gambit’s assessment is correct, Ababil of Minab would be the latest in a series of fake hacktivist groups that are working for the Iranian government. The most recent example is Handala, which earlier this year hacked U.S. medical tech giant Stryker, wiping thousands of company systems and employee devices.

Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran’s government of being behind the hacktivist group and its attacks.

... continue reading

Explore topics: lacmta gambit security iranian hackers ababil of minab mois
Related:
World's First AI-Driven Cyberattack Couldn't Breach OT Systems
AI-Driven Cyberattack on Mexico Couldn't Breach OT Systems
Deforestation-induced drying lowers Amazon climate threshold
Allbirds is dumping its environmental mission as it pivots to AI
US cybersecurity agency issues an urgent alert as Iranian hackers attack critical infrastructure — CISA guidance warns organizations to immediately shield certain programmable logic controllers from the internet to thwart future attacks

© 2026 GoKawiil

About | Editorial Policy | Contact