Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover

The first StrictlyVC of 2026 hits SF on April 30. Tickets are going fast. Register now. Get Disrupt Early Bird savings of up to $410 by May 29, 11:59 p.m. PT. Register now. TechCrunch Desktop Logo TechCrunch Mobile Logo LatestStartupsVentureAppleSecurityAIApps EventsPodcastsNewsletters SearchSubmit Site Search Toggle Mega Menu Toggle Topics Latest Security researchers say a March breach of the Los Angeles transit system (LACMTA) was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers work for Iran’s Ministry of Intelligence and State Security (MOIS).  Reuters first wrote about the Gambit report.  A hacktivist group calling itself Ababil of Minab claimed responsibility for the earlier hack, saying they stole then deleted data from the LACMTA’s systems. The group’s name is a reference to the U.S. air strike on an Iranian school in the city of Minab that killed more than 175 people, mostly children.  “They are not a new, standalone hacktivist crew as they claim,” said Gambit. Ababil of Minab did not respond to a request for comment when contacted by TechCrunch. Gambit said its claims are based on forensic evidence that ties the group to a previous Iran-linked campaign, as well as activity attributed to the MOIS by Israel National Cyber Directorate. Gambit said it investigated other attacks against companies in Israel, Saudi Arabia, and Turkey. Contact Us Do you have more information about Ababil of Minab or other Iran-linked hackers and their cyberattacks? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email. If Gambit’s assessment is correct, Ababil of Minab would be the latest in a series of fake hacktivist groups that are working for the Iranian government. The most recent example is Handala, which earlier this year hacked U.S. medical tech giant Stryker, wiping thousands of company systems and employee devices. Following the Stryker breach, the FBI seized two Handala websites, and the U.S. Justice Department accused Iran’s government of being behind the hacktivist group and its attacks.  Iranian-linked hackers have increased their activities and their claimed hacks after the U.S. and Israel started bombing Iran earlier this year. In April, a coalition of U.S. agencies warned that Iranian hackers were targeting American critical infrastructure. StrictlyVC Athens is up next. Hear unfiltered insights straight from Europe’s tech leaders and connect with the people shaping what’s ahead. Lock in your spot before it’s gone. Newsletters See More Subscribe for the industry’s biggest tech news Every weekday and Sunday, you can get the best of TechCrunch’s coverage. TechCrunch Mobility is your destination for transportation news and insight. Startups are the core of TechCrunch, so get our best coverage delivered weekly. Provides movers and shakers with the info they need to start their day. By submitting your email, you agree to our Terms and Privacy Notice. Iranian hackers blamed for breach of Los Angeles transit system that took weeks to recover Lorenzo Franceschi-Bicchierai 3 minutes ago In Brief 7-Eleven data breach affects over 185,000 people’s personal data Zack Whittaker 2 hours ago X LinkedIn Facebook Instagram youTube Mastodon Threads Bluesky TechCrunchStaffContact UsAdvertiseCrunchboard JobsSite Map Terms of ServicePrivacy PolicyRSS Terms of UseCode of Conduct Google SearchSpotifyOuraTrump MobileMetaTech LayoffsChatGPT © 2026 TechCrunch Media LLC.