It wasn’t just some random kids in basements. Not even close.
The March breach of the Los Angeles County Metropolitan Transportation Authority (LACMTA) has been linked to the Iranian government. Security researchers point a finger at hackers working directly for Iran’s Ministry of Intelligence and Security (MOIS). Gambit Security, an Israeli startup, dropped the report Tuesday.
Ababil of Minab claimed they did it. They said they stole data, then deleted it. A bold move. But their name is heavy with intent. It references a US air strike on a school in Minab that killed over 175 people. Mostly children.
“They are not a new standalone hacktivist crew,” Gambit says. Simple. Direct. Ababil didn’t answer when TechCrunch called. Silence is rarely innocence in this game.
Gambit didn’t just guess. Forensics tie this group to an earlier Iran-linked campaign. Activity that the Israeli National Cyber Directorate already flagged as MOIS. The scope is wide, stretching back to hits on targets in Israel, Saudi Arabia and Turkey.
Is it a coincidence that Iran creates these “fake” hacktivist flags? Hard to argue that it is. This looks exactly like Handala. Earlier this year, Handala wiped systems at Stryker, the massive US medical tech company. Thousands of devices gone in a blink.
The US didn’t stay quiet about Stryker. The FBI seized two Handala sites. The Justice Department blamed Iran openly. A clear line was drawn.
If Gambit is right about LA, Ababil is just the latest costume for the same operator. Governments use proxies to hide their hand. They blame hackers to buy deniability. The transit systems were out for weeks. A long, slow recovery for millions of riders who just wanted to get home.
We still don’t know how much was really taken. Or if it’s just sitting there. Waiting.