Iranian government-backed hackers breached the Los Angeles transit system in a cyberattack that took weeks to recover from, according to an Israeli cybersecurity firm. The attackers operated under the fake hacktivist persona Ababil of Minab.
An Israeli cybersecurity firm attributed the Los Angeles transit system breach to Iran's government, identifying the attackers as operating behind a fabricated hacktivist identity called Ababil of Minab.
The breach represents part of a broader pattern of cyberattacks that emerged following the start of the war in Iran. The attackers have claimed responsibility for multiple data breaches using the same persona, suggesting a coordinated campaign rather than isolated incidents.
The LA transit system required weeks to fully recover from the attack, indicating significant disruption to operations and data systems. Details about the specific data compromised or the scope of the breach remain limited, though the extended recovery timeline suggests substantial damage.
Ababil of Minab had previously claimed credit for other data breaches, establishing a track record of attacks attributed to Iranian state actors. The use of a false hacktivist identity allows attackers to obscure their true origins while maintaining operational continuity across multiple targets.
The incident underscores vulnerabilities in critical infrastructure systems, particularly transportation networks that serve major metropolitan areas. Public transit systems manage sensitive operational data and passenger information, making them attractive targets for state-sponsored cyberattacks.
This attribution adds to documented cases of Iranian cyberattacks against U.S. infrastructure and organizations. Security experts have previously linked Iranian government-backed groups to attacks on various sectors including energy, healthcare, and technology.
The LA transit breach highlights ongoing tensions in the cyber domain as nations employ hacking campaigns to pursue political objectives. The extended recovery period reflects the operational challenges organizations face when responding to sophisticated state-sponsored attacks.
U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.
Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.
A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.