Israeli firm links Iran-backed hackers to Los Angeles transit cyberattack

Israeli startup Gambit Security has held Iranian hackers responsible for a disruptive computer breach that forced Los Angeles' transit system to shut down parts of its network in March, reported news agency Reuters.The hackers stole at least 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority (LACMTA), according to Gambit Security, which said it discovered the stolen data after it was accidentally exposed online. In its report, published on Tuesday, the company said the stolen data was discovered on a server, linked to a previously known hacking operation, involving Tehran.The responsibility of the cyberattack was claimed by a pro-Iran outfit called ‘Ababil of Minab’, the name referring to the bombing of a girls' school in the Iranian city of Minab that allegedly killed more than 175 children and teachers.Eyal Sela, Gambit's director of threat intelligence, said a connection between Ababil and the Iranian state "has been a working assumption." According to him, the research adds to the forensic evidence to support this assumption.According to Reuters, the Los Angeles transit authority was unresponsive to questions regarding the findings. In a statement shared last month, its officials said they were working with law enforcement and cyber specialists as they brought their systems back online. "Attribution is part of the investigation, and we will not speculate," the ⁠statement said.The Iranian hacker group reportedly did not return messages left via a form on its website. Declining further comment, the FBI said it was aware of the LACMTA incident and was "coordinating with partners in response."Gambit, a security startup founded in part by veterans of Unit 8200, Israel's equivalent of the US National Security Agency, said it had alerted relevant authorities to its findings.According to LACMTA officials, the intrusion was detected around March 16. Two weeks before Ababil emerged and claimed to carry out the destructive cyberattack. The hacker group published a video of them rampaging through the transit system's network.While the Los Angeles transit officials said the attack did not interrupt the circulation of trains or buses, the local media, Eyewitness News, said the breach disabled at least some arrival screens and prevented customers from putting money on their transit cards.Ababil also claimed to have cyberattacked South Florida’s Tri-Rail commuter transit system, vehicle tracking company Vyncs, and ⁠Saudi infrastructure company Unimac.Ababil has also hacked other organisations whose identity it has not publicised, Gambit Security said these included an Israeli media organisation, an educational institution, and an insurance brokerage in Turkey.According to CNN, Iranian hackers have allegedly carried out digital operations on a massive scale since the US and Israel launched a war against Iran in late February, including the leak of personal emails belonging to the FBI director, Kash Patel.