
LA Metro discovered a breach in mid-March that caused internal operational disruptions without affecting rail and bus services. Hundreds of servers required inspection for signs of compromise before being restored. The incident was later claimed by Ababil of Minab, a pro-Iran hacktivist group. The attackers allegedly wiped hundreds of terabytes of data and exfiltrated more than 1TB of files. Published screenshots and videos showed access to internal systems, including a core virtualization management platform, a Microsoft IIS web server hosting internal and public-facing assets, and an operational technology system used to monitor trains. Dataminr noted that the group has a limited public profile and little verifiable prior activity, so assessing its capability and intent is premature. Gambit found links between Ababil of Minab infrastructure and activity associated with an Iran-linked group tied to Iran’s Ministry of Intelligence.
"A few days later, the attack on LA Metro was claimed by Ababil of Minab, which purports to be a pro-Iran hacktivist group. The threat actor allegedly wiped hundreds of terabytes of data and exfiltrated more than 1TB worth of files. The hackers published screenshots and videos to demonstrate that they had access to LA Metro's internal systems, including a core virtualization management platform, a Microsoft IIS web server instance hosting internal and public-facing assets, and even an operational technology (OT) system used to monitor trains."
"Israeli cyber resilience firm Gambit has analyzed the Ababil of Minab group and found links to infrastructure previously used by hackers tied to the Iranian government. "Our investigation found that Ababil of Minab is unlikely to be a new, standalone hacktivist crew, as they claim," Gambit said in its report. "Forensic evidence ties the operation to infrastructure and activity associated with Black Shadow, an Iran-linked group, which was attributed by the Israel National Cyber Directorate to Iran's Ministry of Intelligence and""
#cyberattack #iran-linked-threat-activity #critical-infrastructure-transportation #data-exfiltration-and-wiping #operational-technology-ot
Read at SecurityWeek