Iranian-Linked Hackers Disrupt Los Angeles Transit, Highlighting Infrastructure Vulnerabilities

Iranian-Backed Hackers Compromise Los Angeles Transit System, Causing Prolonged Disruptions

In March 2026, the Los Angeles County Metropolitan Transportation Authority (LACMTA) experienced a significant cybersecurity breach attributed to Iranian-backed hackers. Israeli cybersecurity firm Gambit Security identified the perpetrators as operatives of Iran’s Ministry of Intelligence and State Security (MOIS). ([techcrunch.com](https://techcrunch.com/2026/05/26/iranian-hackers-blamed-for-breach-of-los-angeles-transit-system-that-took-weeks-to-recover/?utm_source=openai))

The cyberattack was claimed by a group named Ababil of Minab, which said it had stolen and subsequently deleted data from LACMTA’s systems. The group’s name references a U.S. airstrike on an Iranian school in Minab that resulted in over 175 fatalities, predominantly children. Gambit Security’s analysis suggests that Ababil of Minab is not an independent hacktivist entity but operates under the auspices of the Iranian government. ([techcrunch.com](https://techcrunch.com/2026/05/26/iranian-hackers-blamed-for-breach-of-los-angeles-transit-system-that-took-weeks-to-recover/?utm_source=openai))

This incident is part of a broader pattern of cyber activities linked to Iran. Earlier in 2026, the pro-Iranian hacktivist group Handala executed a cyberattack on U.S. medical technology company Stryker, leading to the remote wiping of thousands of employee devices. The U.S. Department of Justice subsequently accused the Iranian government of orchestrating Handala’s operations. ([techcrunch.com](https://techcrunch.com/2026/03/20/u-s-accuses-irans-government-of-operating-hacktivist-group-that-hacked-stryker/?utm_source=openai))

The escalation in cyberattacks by Iranian-linked groups coincides with increased geopolitical tensions following U.S. and Israeli military actions in Iran. In April 2026, U.S. agencies, including the FBI and the National Security Agency, issued warnings about Iranian hackers targeting American critical infrastructure sectors such as water utilities and energy facilities. ([techcrunch.com](https://techcrunch.com/2026/04/07/iranian-hackers-are-targeting-american-critical-infrastructure-u-s-agencies-warn/?utm_source=openai))

The breach of LACMTA underscores the vulnerabilities in critical infrastructure systems and the necessity for robust cybersecurity measures to protect against state-sponsored cyber threats.