The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.
Publish Date: 2026-05-27 09:52:07
Source Domain: securityaffairs.com
Summary:
In late March, a purported “hacktivist” group known as Ababil of Minab claimed responsibility for a significant cyberattack on the Los Angeles County Metropolitan Transportation Authority (LA Metro), wiping hundreds of terabytes of data and presenting itself as a pro-Iran militant organization. A detailed forensic analysis by Israeli firm Gambit Security revealed that the attack was not the work of a hacktivist group but of a sophisticated team, also known as Black Shadow, linked to Iran’s Ministry of Intelligence and Security (MOIS). The attackers used both scripted automation and direct methods to destroy data, while also leveraging consumer AI tools like ChatGPT to refine their malicious scripts. In addition to LA Metro, the attackers targeted several other entities, with varying degrees of destruction and data theft, suggesting an organized campaign rather than sporadic hacktivism. The investigation revealed that the group used multiple sets of fraudulent infrastructure and tools reminiscent of known Iranian state-sponsored attack methods, thereby exposing the true nature of the operation.
Key Points:
- The attack on LA Metro, attributed to a “hacktivist” group called Ababil of Minab, is linked to Iran’s intelligence service, MOIS, through forensic analysis.
- The attackers used sophisticated methods involving both automated scripts and direct actions to systematically destroy data across targeted entities.
- Additional victims identified through the attack’s staging infrastructure included media organizations, educational institutions, and businesses in multiple sectors across different countries.
- The attack’s tools and techniques, including custom encryption tools and even consumer AI used for operational purposes, indicate state-level involvement rather than the actions of a hacktivist group.