Iran-linked hackers reached LA Metro's rail-yard control display in March, Israeli firm finds
Briefly

A cyberattack in March forced parts of the Los Angeles County Metropolitan Transportation Authority (LACMTA) offline. Gambit Security, a Tel Aviv cybersecurity firm, attributed the intrusion to Iran-linked infrastructure by tracing stolen emails, backups, and other files to a server tied to a previously identified Iranian campaign. The stolen data was found after it was inadvertently left on a publicly reachable server, and analysts followed configuration fingerprints from there to a known Iranian operation. The intrusion ran for several days before LACMTA's security team noticed unauthorized activity and severed parts of its network; bus and light-rail services continued running. In early April, a group calling itself Ababil of Minab claimed responsibility, posting Telegram screenshots and alleging large-scale wiping and exfiltration. LACMTA did not validate those volume claims.
"Iranian hackers were behind the cyber-attack that forced parts of the Los Angeles County Metropolitan Transportation Authority offline in March, according to research published on Tuesday by Gambit Security, a Tel Aviv cybersecurity firm that says it traced 700 gigabytes of stolen emails, backups and other files back to a server tied to a previously identified Iranian campaign. The data was found, the firm said, after it was inadvertently left exposed on a publicly reachable server."
"From there, Gambit's analysts followed configuration fingerprints back to an operation that Israeli officials and external researchers have separately attributed to Tehran. The conclusion is not that an Iranian government unit personally typed the commands but that the infrastructure used in the LACMTA intrusion is part of a known Iranian apparatus. The intrusion itself ran for several days in March before LACMTA's security team noticed unauthorised activity and severed parts of its network."
"Bus and light-rail services kept running. A group calling itself Ababil of Minab claimed responsibility in early April, posting Telegram screenshots that purported to show access to virtualisation infrastructure, web servers and, more concerningly, a rail yard management and train control display known internally as Division 11. The group alleged it had wiped 500 terabytes of data and exfiltrated a further terabyte."
"LACMTA confirmed partial access by the attackers but did not validate the volumetric claims. Ababil of Minab took its name from the bombing of a girls' school in the Iranian city of Minab. US and Israeli researchers have, since its emergence, described it as the kind of self-styled vigilante group that often functions as a cut-out for Iranian state actors, with thin public history and rhetoric that matches Te"
Read at thenextweb.com