Indonesian Political, Business & Finance News

Iran's Covert Cyber Attack Paralyses Los Angeles Transport Network

Source: CNBC (translated from Indonesian) | Technology

Jakarta, CNBC Indonesia – A major cyber attack that partially paralysed Los Angeles’ public transport network in March has now been directly linked to Iranian hacking groups. The findings were revealed by Israeli cybersecurity researchers amid escalating digital warfare between Tehran and the United States (US) and its allies since the Middle East conflict began earlier this year.

Tel Aviv-based cybersecurity firm Gambit Security stated that the perpetrators successfully stole at least 700 gigabytes of data from the Los Angeles County Metropolitan Transportation Authority (LACMTA). The stolen data included emails, system backups, and various critical internal files from the Los Angeles transport authority.

In a report released on Tuesday (26 May 2026), Gambit said the digital traces found on the servers where the stolen data was located were linked to hacking operations previously associated with the Iranian government by Israeli officials and researchers.

Iran’s mission to the United Nations (UN) has not responded to requests for comment on the allegations. Meanwhile, Israel’s National Cyber Directorate also declined to comment.

Los Angeles transport authorities have not responded to questions about the investigation findings. In a statement last month, LACMTA officials said they were cooperating with law enforcement and cybersecurity specialists to restore affected systems.

‘Identifying the perpetrators is part of the investigation and we will not speculate,’ they stated, according to Reuters.

Suspicions of Iranian involvement emerged after the pro-Tehran group Ababil of Minab claimed responsibility for the attack. The group’s name refers to a bombing of a girls’ school in Minab, Iran, which local officials said killed over 175 children and teachers.

The group’s rhetoric and operational methods are said to closely resemble those of vigilante hacking groups, which US and Israeli researchers often identify as fronts for Iranian intelligence operations.

Gambit Security’s threat intelligence director, Eyal Sela, said the link between Ababil and the Iranian government has long been a key assumption among researchers.

‘The connection between Ababil and the Iranian government has been a working assumption,’ Sela said. ‘Our research has added forensic evidence to support this assumption.’

Gambit Security, a cybersecurity startup founded in part by former members of Israel’s Unit 8200 – a cyber intelligence unit often compared to the US National Security Agency (NSA) – said it had informed relevant authorities of its findings.

Ababil did not respond to messages sent via their website’s contact form. The FBI acknowledged awareness of the LACMTA incident and stated it was ‘coordinating with partners in response to the event’.

However, the FBI declined to comment further. The US civilian cyber defence agency, the Cybersecurity and Infrastructure Security Agency (CISA), also failed to respond.

The Los Angeles transport system breach was first detected around 16 March. Two weeks later, Ababil appeared online claiming to have deleted large volumes of data via a destructive cyber attack. They even released a video allegedly showing destruction within the transport network.

Although Los Angeles officials stated train and bus services were not fully disrupted, local media reported partial failure of arrival displays and passengers unable to top up transport cards.

Ababil also claimed responsibility for attacks on Florida’s Tri-Rail commuter system, vehicle tracking firm Vyncs, and Saudi infrastructure company Unimac.

Tri-Rail confirmed its system was hacked ‘about a month ago’ but stated no critical data was affected. Vyncs owner Agnik said it detected a breach on 2 April but refused to detail the stolen data.

Both Tri-Rail and Agnik said the FBI was involved in the investigation. Agnik added via email that the bureau ‘has a good understanding of who these criminals are’.

According to Gambit Security, the group behind Ababil also attacked other unnamed organisations. Analysis of online data suggested targets included Israeli media and educational institutions, along with Turkish insurance broker firms.

However, Sela refused to disclose further details about the other victims.

Iranian hacking activities have reportedly surged since the US and Israel launched operations against Iran in late February. A series of digital operations have been reported, including attacks on medical equipment firm Stryker and the leak of FBI Director Kash Patel’s personal emails.

CNN reported earlier this month that suspected Iranian hackers allegedly conducted remote sabotage of fuel indicators at several petrol stations.
