Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover

Security researchers say a March breach of the Los Angeles transit system (LACMTA) was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers work for Iran’s Ministry of Intelligence and State Security (MOIS). 

Reuters first wrote about the Gambit report. 

A hacktivist group calling itself Ababil of Minab claimed responsibility for the earlier hack, saying it stole and then deleted data from the LACMTA’s systems. The group’s name is a reference to the U.S. air strike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.

“They are not a new, standalone hacktivist crew as they claim,” said Gambit.

Ababil of Minab did not respond to a request for comment when contacted by TechCrunch.

Gambit said its claims are based on forensic evidence that ties the group to a previous Iran-linked campaign, as well as activity attributed to the MOIS by the Israel National Cyber Directorate. Gambit said it investigated other attacks against companies in Israel, Saudi Arabia, and Turkey.

If Gambit’s assessment is correct, Ababil of Minab would be the latest in a series of fake hacktivist groups that are working for the Iranian government. The most recent example is Handala, which earlier this year hacked U.S. medical tech giant Stryker, wiping thousands of company systems and employee devices.

Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran’s government of being behind the hacktivist group and its attacks. 

Iranian-linked hackers have increased their activities and their claimed hacks after the U.S. and Israel started bombing Iran earlier this year. In April, a coalition of U.S. agencies warned that Iranian hackers were targeting American critical infrastructure.
