Israeli cybersecurity startup Gambit Security has attributed a disruptive computer breach that forced Los Angeles' transit system to shut down parts of its network in March to Iranian hackers, according to a report by Reuters.
Details of the Breach
The hackers allegedly stole at least 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority (LACMTA). Gambit Security discovered the stolen data after it was accidentally exposed online.
Connection to Iranian Hackers
In its report published on Tuesday, the company stated that the stolen data was found on a server linked to a previously known hacking operation involving Tehran. The cyberattack was claimed by a pro-Iran group called 'Ababil of Minab,' named after the bombing of a girls' school in the Iranian city of Minab that reportedly killed over 175 children and teachers.
Eyal Sela, Gambit's director of threat intelligence, noted that a connection between Ababil and the Iranian state has been a working assumption, and the research adds forensic evidence to support this.
Response from Authorities
The Los Angeles transit authority did not respond to questions regarding the findings. In a statement shared last month, officials said they were working with law enforcement and cyber specialists to restore systems. 'Attribution is part of the investigation, and we will not speculate,' the statement read.
The Iranian hacker group did not return messages left via a form on its website. The FBI declined further comment but confirmed awareness of the incident and coordination with partners.
Gambit Security's Role
Gambit, founded in part by veterans of Unit 8200 (Israel's equivalent of the US National Security Agency), said it had alerted relevant authorities to its findings.
Timeline and Impact
LACMTA officials detected the intrusion around March 16, two weeks before Ababil emerged and claimed responsibility. The group published a video showing their access to the transit system's network.
While officials said the attack did not interrupt train or bus circulation, local media reported that it disabled arrival screens and prevented customers from adding money to transit cards.
Other Targets
Ababil also claimed responsibility for cyberattacks on South Florida's Tri-Rail commuter transit system, vehicle tracking company Vyncs, and Saudi infrastructure company Unimac. Gambit Security said the group hacked other organizations, including an Israeli media outlet, an educational institution, and an insurance brokerage in Turkey.
Broader Context
According to CNN, Iranian hackers have allegedly conducted digital operations on a massive scale since the US and Israel launched a war against Iran in late February, including the leak of personal emails belonging to FBI Director Kash Patel.
