A March 2026 breach of the Los Angeles County Metropolitan Transportation Authority (LACMTA) has been attributed to the Iranian state-sponsored group Ababil of Minab, a front for Iran’s Ministry of Intelligence and Security (MOIS). The group claimed to have stolen and deleted data, with the attack assessed as part of a broader trend of Iranian-linked cyber activity targeting critical infrastructure following recent geopolitical tensions. No technical details on the attack vector, CVSS score, affected systems, patches, or workarounds are provided in the source article.
Threat Intelligence Iranian-backed hackers linked to Los Angeles transit system breach May 26, 2026 Share By SC Staff According to TechCrunch, security researchers have linked a March breach of the Los Angeles transit system to Iranian-backed hackers. An Israeli startup, Gambit Security, stated in a report that the group responsible for the attack works for Iran’s Ministry of Intelligence and State Security (MOIS). The hacktivist group Ababil of Minab initially claimed responsibility for the breach, stating they had stolen and subsequently deleted data from the Los Angeles County Metropolitan Transportation Authority (LACMTA) systems. Gambit Security, however, asserts that Ababil of Minab is not an independent hacktivist crew but rather a front for the MOIS. Their assessment is based on forensic evidence connecting the group to previous Iran-linked campaigns and activity attributed to the MOIS by the Israel National Cyber Directorate. Gambit also reported investigating other attacks against companies in Israel, Saudi Arabia, and Turkey. If Gambit's findings are accurate, Ababil of Minab represents another instance of fake hacktivist groups operating on behalf of the Iranian government, similar to the Handala group that recently targeted U.S. medical tech giant Stryker. This follows a broader trend of increased Iranian-linked hacking activities, particularly after U.S. and Israeli military actions against Iran earlier this year, prompting warnings from U.S. agencies about Iranian hackers targeting American critical infrastructure. Source: TechCrunch SC Staff Related Threat Intelligence North Korea’s Lazarus Group uses new RemotePE malware against financial targets SC Staff May 26, 2026 RemotePE is deployed through a multi-stage attack chain involving two loaders, DPAPILoader and RemotePELoader. Threat Intelligence Middle East malicious infrastructure report highlights concentration of C2 servers SC Staff May 22, 2026 The Hunt.io report identified over 1,350 C2 servers across 98 providers in 14 Middle Eastern countries. Saudi Telecom Company (STC) alone accounted for more than 72% of this regional activity, often through compromised customer systems. Threat Intelligence Former executives plead guilty in global tech support fraud scheme SC Staff May 22, 2026 Former CEO Adam Young and former CSO Harrison Gevirtz admitted to a misprision of a felony charge. They operated C.A. Cloud Attribution, Ltd. between early 2017 and April 2022, providing services to customers known to be engaged in telemarketing and tech support fraud scams. Related Events Cybercast Better Threat Intelligence Between Public and Private Sectors On-Demand Event Virtual Conference Nationwide Cybersecurity Summit 2025: Safeguarding America’s Digital Future On-Demand Event Virtual Conference Securing the Future of Finance: Strategies to Counter Modern Cyber Threats On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Deauthentication Attack Deepfake Defacement Denial of Service Dictionary Attack Distributed Scans Domain Hijacking DumpSec Google Hacking Password Cracking You can skip this ad in 5 seconds