LA Metro Cyber Attack Linked to Iranian State Sponsored Hackers Exposed

Cybersecurity Breach Hits Los Angeles County Metropolitan Transportation Authority

The Los Angeles County Metropolitan Transportation Authority (LACMTA), also known as LA Metro, suffered a significant cybersecurity breach in mid-March. This incident led to internal operational disruptions, but fortunately did not affect rail and bus services.

Attack Details

• Hundreds of servers were thoroughly examined for signs of compromise before being restored to service.
• Around 1 terabyte of sensitive files were stolen by the hackers.
• Screenshots and videos showing the group’s access to LA Metro’s internal systems were released online.
• These systems included a core virtualization management platform and an operational technology (OT) system used to monitor trains.

Attribution

About Ababil of Minab

• Ababil of Minab is believed to be an emerging group with limited public presence and unclear intentions.
• Gambit, a cyber resilience firm from Israel, conducted research on the group and found connections to infrastructure previously used by Iranian government-affiliated hackers.
• Gambit concluded that Ababil of Minab is likely not a standalone hacktivist crew but rather an offshoot of a larger entity.

Recent Attacks

• Gambit discovered that Ababil of Minab has launched multiple attacks against organizations in the US, Israel, Saudi Arabia, and Turkey.
• In these incidents, the attackers exfiltrated data and engaged in destructive activities.
• Victims include an Israeli media organization, a higher education institution, a Turkish insurance brokerage, and various entities in the restaurant, cultural, digital services, and news sectors.

Conclusion

The LA Metro cybersecurity breach serves as a reminder of the ongoing threats posed by state-sponsored hacking groups and emphasizes the importance of robust cybersecurity measures to prevent and respond to such attacks.

About Author

Anuj

See author's posts