In March, Iranian hackers executed a significant computer breach that disrupted parts of Los Angeles’ transit network. Israeli cybersecurity experts from Tel Aviv-based Gambit Security identified the breach. They reported the hackers extracted at least 700 gigabytes of sensitive data from the Los Angeles County Metropolitan Transportation Authority (LACMTA). The stolen data was discovered after being inadvertently exposed online.

According to a recent Gambit Security report, digital traces connect the compromised server to a known Iranian hacking operation. This operation has been linked to Tehran by both Israeli officials and researchers. The Los Angeles transit authority has stated they are cooperating with law enforcement and cybersecurity experts. They have withheld speculation concerning attribution but are actively investigating the breach as systems are restored.

A pro-Iran group named Ababil of Minab claimed responsibility for the attack. This group’s activities align with those of alleged Iranian espionage proxies. Their name references a tragic event involving a school bombing in Minab, Iran. These characteristics support the suspicions of U.S. and Israeli security specialists about their motives.

Eyal Sela, director of threat intelligence at Gambit, asserts their research establishes forensic evidence of the connection between Ababil and the Iranian state. The security firm, comprising Unit 8200 veterans, has informed relevant authorities about these findings. Meanwhile, attempts to contact Ababil through their website remain unanswered.

The breach at LACMTA came to light on March 16. About two weeks afterward, Ababil released a video, claiming to disrupt the transit network’s operations by destroying extensive data. Despite Ababil’s assertions, Los Angeles officials confirmed train and bus services remained operational, although some systems, such as arrival displays, were temporarily disabled.

Beyond the Los Angeles incident, Ababil also targets other entities. They include the South Florida Tri-Rail system and the vehicle tracking company Vyncs. Both organizations confirmed breaches, but neither suffered critical data loss. The FBI is participating in ongoing investigations related to these incidents.

Gambit’s analysis also uncovered evidence of Ababil’s incursions into other organizations, including an Israeli media outlet, an educational institution, and a Turkish insurance firm. Sela refrained from providing specific details about these victims.

Iranian cyber activities appear constant following intensified hostilities between Iran, the U.S., and Israel since February. Reported attacks feature a strike against the medical device manufacturer Stryker and a leak of emails belonging to FBI Director Kash Patel. Additionally, Iranian hackers are believed to have disrupted fuel gauges at various gas stations recently.