NEWS & RESOURCES /
NEWS

Reuters: Iranian Hackers Responsible for Los Angeles Transit System Breach

Reuters reports on Gambit Security's investigation showing that the destructive March attack on the Los Angeles County Metropolitan Transportation Authority — where attackers stole at least 700 GB of emails, backups, and files — was the work of Iran's MOIS operating behind the Ababil of Minab hacktivist persona.

Raphael Satter and A.J. Vicens

May 26, 2026

Reuters reported on Gambit Security's investigation into the March cyberattack that forced parts of the Los Angeles County Metropolitan Transportation Authority (LACMTA) offline. Gambit researchers discovered at least 700 GB of stolen LACMTA emails, backups, and files inadvertently exposed online — and matched the server to a previously known hacking operation Israeli officials and researchers have attributed to Tehran.

The findings undercut the "hacktivist" cover story used by Ababil of Minab, the group that claimed credit for the attack. Gambit's analysis ties Ababil to additional intrusions at Tri-Rail, vehicle-tracking firm Vyncs, Saudi infrastructure firm Unimac, and undisclosed targets in Israel and Turkey — a pattern consistent with state-directed activity rather than a standalone crew.

A connection between Ababil and the Iranian state has been a working assumption. What our research adds is the forensic evidence to support it.

Eyal Sela, Director of Threat Intelligence, Gambit Security

Related from Gambit:

• Blog: "Ababil of Minab: Iran-linked destruction and exfiltration campaign" (May 25, 2026) — the full technical report behind the Reuters story.

Read article on Reuters

Resilience, verified.
In your inbox

The latest from Gambit: research, insights, and live sessions

By subscribing, you agree to our Privacy Policy and consent to receive marketing emails. You can unsubscribe anytime.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Other News

NEWS
May 14, 2026

Bloomberg: Hacker Used Anthropic's Claude to Steal Mexican Data Trove

Bloomberg's tech-desk story (Andrew Martin and Carolina Millan) covers Gambit's launch-day research disclosing how an individual actor directed Claude Code through 1,000+...

Andrew Martin and Carolina Millan
Read More
NEWS
May 13, 2026

Chinese Hackers Spied on Cuban Embassy as US Prepared Blockade

Bloomberg's tech-desk story (Patrick Howell O'Neill) reports on Gambit's findings that Chinese state-sponsored hackers breached Cuba's embassy in Washington in January 2026,...

Patrick Howell O'Neill
Read More
Terms of Use
Privacy Policy