Iranian Hackers Hit LA Transit Network

In March, the Los Angeles County Metropolitan Transportation Authority (LACMTA) experienced a significant computer network breach, with Israeli researchers now attributing the attack to Iranian hackers. Cybersecurity firm Gambit Security reported that at least 700 gigabytes of data, comprising emails and backups, were stolen and later inadvertently exposed online.

The breach, detected around March 16, led to the temporary shutdown of some LACMTA network systems, affecting arrival screens and transit card reloads, though train and bus operations were not interrupted. A group calling itself Ababil of Minab claimed responsibility for the attack, aligning with a modus operandi suspected by digital security specialists to be linked to Iranian intelligence.

Gambit Security's research suggests a forensic trail connecting the compromised server to a known hacking operation attributed to Tehran. This builds on previous suspicions following Ababil's claims, with the group also taking credit for hacks targeting South Florida's Tri-Rail, vehicle tracking company Vyncs, and Saudi infrastructure firm Unimac.

Iranian-linked cyber activity has reportedly increased since late February, with other alleged incidents including an attack on medical device company Stryker and the leak of personal emails. The FBI has stated it is aware of the LACMTA incident and is coordinating with partners in response.