Security researchers say a March breach of Los Angeles' transit system, the Los Angeles County Metropolitan Transportation Authority (LACMTA), was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers worked for Iran's Ministry of Intelligence and State Security (MOIS).
Reuters first wrote about the Gambit report.
A hacktivist group calling itself Minab's Ababil had earlier claimed responsibility for the hack, saying it had stolen data from LACMTA's systems and then deleted it. The group takes its name from a US airstrike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.
“They are not a new independent hacktivist group as they claim to be,” Gambit said.
Minab's Ababil did not respond to a request for comment when TechCrunch reached out.
Gambit said its claim is based on forensic evidence linking the group to past Iran-related campaigns, as well as on activity that Israel's National Cyber Directorate identifies as the work of MOIS. Gambit said it was also investigating other attacks against companies in Israel, Saudi Arabia and Turkey.
If Gambit's assessment is correct, Minab's Ababil would be the latest in a series of pseudo-hacktivist groups working on behalf of the Iranian government. The most recent example is Handala, which hacked US medical technology giant Stryker earlier this year, wiping thousands of company systems and employee devices.
Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Department of Justice accused the hacktivist group and the Iranian government of being behind the attacks.
Activity and hacking claims by Iranian-linked hackers have increased since the United States and Israel began bombing Iran earlier this year. In April, a coalition of U.S. government agencies warned that Iranian hackers were targeting critical U.S. infrastructure.

