Security researchers say a March breach of the Los Angeles transit system was carried out by hackers linked to Iran’s Ministry of Intelligence and State Security, according to a report from Israeli startup Gambit Security. Reuters first reported the findings, and the claim challenges the group’s earlier public identity as a hacktivist crew called Ababil of Minab.
What the report alleges
Gambit Security said the hackers were not an independent hacktivist group, as they claimed, but an operation tied to Iran’s intelligence services.
The firm said its conclusion rests on forensic evidence connecting the group to a prior Iran-linked campaign and to activity attributed by Israel’s National Cyber Directorate to the MOIS.
Claimed responsibility
Ababil of Minab had previously said it stole data from LACMTA systems and then deleted it.
The group’s name refers to a deadly U.S. air strike in Minab, Iran, that killed more than 175 people, mostly children.
Wider pattern
Gambit said it also investigated other attacks against companies in Israel, Saudi Arabia, and Turkey.
The report fits a wider pattern in which fake hacktivist fronts are used to mask government-linked operations.
Related cases
The latest example cited is Handala, a pro-Iranian group that earlier this year attacked U.S. medical technology company Stryker.
After that breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran’s government of being behind the group.
Security backdrop
Iranian-linked hacking activity has increased since the U.S. and Israel began bombing Iran earlier this year.
In April, U.S. agencies warned that Iranian hackers were targeting American critical infrastructure.
Featured image credits: SPARK Services
For more stories like it, click the +Follow button at the top of this page to follow us.