Security researchers say a March breach of the Los Angeles County Metropolitan Transportation Authority, or LACMTA, was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers were working for Iran’s Ministry of Intelligence and State Security (MOIS).
Reuters first reported on the Gambit report.
A group of hacktivists calling themselves Ababil of Minab previously took responsibility for the hack, saying they stole and then deleted data from LACMTA’s systems. The group name is a reference to the US airstrike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.
“It’s not a new, autonomous hacktivist crew as they claim,” Gambit said.
Ababil of Minab did not respond to a request for comment when contacted by TechCrunch.
Gambit said its claims are based on forensic evidence linking the group to a previous campaign linked to Iran, as well as activity attributed to MOIS by Israel’s National Cyber Directorate. Gambit said it investigated other attacks against companies in Israel, Saudi Arabia and Turkey.
If Gambit’s assessment is correct, Ababil of Minab would be the latest in a line of fake hacktivist groups working for the Iranian government. The most recent example is Handala, which earlier this year hacked US medical technology giant Stryker, wiping thousands of company systems and employee devices.
After the Stryker breach, the FBI seized two Handala websites, and the US Department of Justice accused the Iranian government of being behind the hacktivist group and its attacks.
Hackers linked to Iran have increased their activity and alleged intrusions after the US and Israel began bombing Iran earlier this year. In April, a coalition of US agencies warned that Iranian hackers were targeting critical US infrastructure.
