Security researchers have linked a March cyberattack on the Los Angeles County Metropolitan Transportation Authority to Iranian-backed hackers.
The breach reportedly disrupted the agency’s systems and took weeks to recover from.
Israeli cybersecurity startup Gambit Security said in a report that the attackers were connected to Iran’s Ministry of Intelligence and State Security. The report was first covered by Reuters and later cited by TechCrunch.
A hacktivist group calling itself Ababil of Minab had earlier claimed responsibility for the attack. The group said it stole data from LACMTA’s systems and then deleted it. However, Gambit Security said the group is not a new independent hacktivist operation, despite how it presents itself online.
According to Gambit, its findings are based on forensic evidence that connects the group to a previous Iran-linked hacking campaign. The company also said the activity overlaps with cyber operations attributed to Iran’s intelligence ministry by Israel’s National Cyber Directorate.
Gambit said it also investigated related attacks against companies in Israel, Saudi Arabia, and Turkey. Ababil of Minab did not respond to TechCrunch’s request for comment.
If Gambit’s assessment is accurate, Ababil of Minab would be another example of a fake hacktivist group allegedly operating on behalf of the Iranian government. Similar claims have been made about Handala, another group that was accused earlier this year of hacking U.S. medical technology company Stryker and wiping thousands of company systems and employee devices.
After the Stryker breach, the FBI seized two Handala websites. The U.S. Justice Department later accused the Iranian government of being behind the group and its cyberattacks.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
Iran-linked hackers have reportedly increased their activity following U.S. and Israeli strikes on Iran earlier this year. In April, several U.S. government agencies warned that Iranian hackers were targeting American critical infrastructure, raising concerns about further attacks against public services and major organizations.
