Iranian Hackers Blamed for Massive Cyberattack on Los Angeles Transit System

Security researchers have linked a major cyberattack on the Los Angeles County Metropolitan Transportation Authority (LACMTA) to hackers allegedly backed by the Iranian government, raising fresh concerns about escalating cyber warfare targeting critical infrastructure worldwide.

According to a new report by Israeli cybersecurity startup Gambit Security, the breach, which occurred in March, was carried out by a hacking group known as Ababil of Minab — a group the company says is connected to Iran’s Ministry of Intelligence and State Security (MOIS).

The cyberattack reportedly disrupted parts of Los Angeles’ public transit network and forced authorities into weeks of recovery efforts to restore affected systems.

The development was first reported by Reuters, which cited findings from Gambit Security’s investigation into the incident.

Hackers Claimed Responsibility for Attack

Following the breach, a self-described hacktivist group calling itself Ababil of Minab publicly claimed responsibility for the cyberattack.

The group alleged that it infiltrated LACMTA’s systems, stole sensitive data, and later deleted portions of it from the network.

Cybersecurity analysts believe the group’s name carries symbolic meaning. “Ababil of Minab” reportedly references a deadly U.S. airstrike on a school in the Iranian city of Minab that killed more than 175 people, many of them children.

However, Gambit Security dismissed the idea that the group was acting independently.

“They are not a new, standalone hacktivist crew as they claim,” Gambit said in its report, arguing that forensic evidence strongly links the group to previous Iranian state-backed cyber operations.

Cybersecurity Experts Trace Attack to Iranian Intelligence

According to the report, investigators found technical similarities between the Los Angeles transit system attack and earlier cyber campaigns previously attributed to Iran’s intelligence agencies.

Gambit Security said its conclusions were based on forensic evidence, operational patterns, and intelligence previously identified by the Israel National Cyber Directorate.

The researchers also linked the same cyber infrastructure to attacks targeting organizations in:

  • Israel
  • Saudi Arabia
  • Turkey

Security experts warn that the incident reflects a growing trend in which nation-states use “hacktivist” groups as fronts for government-sponsored cyber operations.

Weeks of Recovery for Los Angeles Transit Network

The attack reportedly caused serious operational disruptions within the Los Angeles transit system, one of the largest public transportation networks in the United States.

Although officials have not publicly disclosed the full scale of the damage, reports indicate that recovery efforts lasted several weeks as cybersecurity teams worked to secure systems and restore normal operations.

LACMTA has not released detailed information regarding whether commuter services were directly affected or whether customer data was compromised during the attack.

Growing Threat of Iranian-Linked Cyber Groups

If Gambit Security’s findings are confirmed, Ababil of Minab would join a growing list of cyber groups allegedly operating on behalf of the Iranian government while presenting themselves as independent activists.

Cybersecurity researchers recently linked another Iran-aligned hacking group known as Handala to attacks against U.S. medical technology company Stryker.

That attack reportedly resulted in the wiping of thousands of company systems and employee devices earlier this year.

Experts say these groups are increasingly targeting transportation systems, healthcare networks, financial institutions, and government infrastructure as geopolitical tensions continue to rise globally.

Cybersecurity Concerns Continue to Rise

The latest revelations have renewed concerns about the vulnerability of public infrastructure to foreign cyberattacks.

Transportation systems are considered high-value targets because disruptions can affect millions of people, interfere with emergency response systems, and create widespread economic consequences.

Cybersecurity specialists are now calling for stronger international cooperation, increased investment in digital security infrastructure, and faster response mechanisms to defend critical public systems from future attacks.
