How Iranian Hackers Disrupted Los Angeles Metro Network, Shared Video Of Cyberattack

Last Updated:May 26, 2026, 19:37 IST

Israel-linked firm Gambit Security says pro-Iranian group Ababil of Minab hacked LACMTA in March, stealing 700 gigabytes of data and tying the attack to the Iranian state.

Iranian hackers were responsible for the breach in March that forced Los Angeles’ transit system to shut down parts of its network, Israel has claimed.

Reuters quoted Gambit Security, ‌a Tel Aviv-based cybersecurity firm, stating that the saboteurs stole at least 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority (LACMTA). It claimed that Iran’s involvement was revealed during an investigation into an intrusion campaign targeting organizations in the United States, Israel, Saudi Arabia, and Turkey.

In its report published on Tuesday, the organization said that pro-Iranian persona “Ababil of Minab" claimed responsibility, including for the LA Metro (LACMTA) intrusion. “The activity surfaced publicly in late March and early April 2026, after a pro-Iranian persona calling itself Ababil of Minab claimed to have compromised the Los Angeles County Metropolitan Transportation Authority (LACMTA / LA Metro), destroyed systems, and exfiltrated data," it stated.

According to Los Angeles Times, the LA Metro shut down parts of its network after its security team detected hacking activity in March.

“On Monday, March 16, Metro proactively limited employee access to many internal administrative computer systems after the agency’s security team discovered unauthorized activity," an agency spokesperson said. “Throughout this time Metro’s essential rail and bus service has continued to run uninterrupted, as have our vital transit safety and security systems."

About two weeks later, Ababil materialised online and claimed to have wiped an enormous amount of data in a destructive cyberattack, publishing a video that purported to show them rampaging through the transit system’s network, Reuters reported.

Eyal Sela, Gambit’s director of threat intelligence, said a connection between Ababil and the Iranian state “has been a working assumption."

“What our research adds is the forensic evidence to support it," he said.

Reuters quoted Gambit Security saying that the group behind Ababil has hacked other organizations whose identity it has not publicized. Sela further said the organisations included a media organization and educational institution in Israel and an insurance brokerage in Turkey.

According to a CNN report, Iranian hackers allegedly have carried out a drumbeat of digital operations since the US and Israel ​launched a war against Iran in late February, including a damaging attack on the medical device company Stryker (SYK.N). Iranian hackers also are suspected of having remotely tampered with ​fuel gauges at gas stations.

Besides, reports have stated that Ababil has claimed ​credit for hacks affecting South Florida’s Tri-Rail commuter ​transit system, vehicle tracking company Vyncs, and ⁠Saudi infrastructure firm Unimac.

News world How Iranian Hackers Disrupted Los Angeles Metro Network, Shared Video Of Cyberattack

Read More