Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover
Source: TechCrunch
In Brief
Posted: 8:26 AM PDT · May 26, 2026
Image Credits: Patrick T. Fallon / AFP / Getty Images
Breach Overview
Security researchers say a March breach of the Los Angeles transit system (LACMTA) was the work of Iranian‑backed hackers. Israeli startup Gambit Security reported that the attackers work for Iran’s Ministry of Intelligence and State Security (MOIS). Reuters first covered the Gambit report.
Attribution
A hacktivist group calling itself Ababil of Minab claimed responsibility for the earlier hack, saying they stole then deleted data from the LACMTA’s systems. The group’s name references the U.S. air strike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.
“They are not a new, standalone hacktivist crew as they claim,” said Gambit.
Gambit’s claims are based on forensic evidence that ties the group to a previous Iran‑linked campaign, as well as activity attributed to the MOIS by Israel’s National Cyber Directorate. The firm also investigated related attacks against companies in Israel, Saudi Arabia, and Turkey.
Related Threat Actors
If Gambit’s assessment is correct, Ababil of Minab would be the latest in a series of fake hacktivist groups operating for the Iranian government. A recent example is Handala, which earlier this year hacked U.S. medical‑tech giant Stryker, wiping thousands of company systems and employee devices. Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran’s government of operating the group.
Broader Context
Iranian‑linked hackers have increased their activities and claimed hacks after the U.S. and Israel began bombing Iran earlier this year. In April, a coalition of U.S. agencies warned that Iranian hackers were targeting American critical infrastructure.
References
- Los Angeles Metro confirms it was hacked, getting systems back online (LA Times)
- Gambit Security blog post on Ababil of Minab (MOIS) campaign
- Reuters article on Iranian hackers responsible for LACMTA breach
- Ababil of Minab tweet claiming responsibility
- AP News on U.S. air strike on Iranian school in Minab
- TechCrunch coverage of Handala’s Stryker hack
- FBI seizes Handala websites (TechCrunch)
- U.S. Justice Department accuses Iran’s government of operating Handala (TechCrunch)
- U.S. agencies warn of Iranian hackers targeting critical infrastructure (TechCrunch)