{"id":220613,"date":"2026-05-26T11:47:00","date_gmt":"2026-05-26T15:47:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/iranian-government-not-hacktivist-group-breached-la-metro-system-security-firm-says\/"},"modified":"2026-05-26T18:20:33","modified_gmt":"2026-05-26T22:20:33","slug":"iranian-government-not-hacktivist-group-breached-la-metro-system-security-firm-says","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/26\/iranian-government-not-hacktivist-group-breached-la-metro-system-security-firm-says\/","title":{"rendered":"Iranian government, not hacktivist group, breached LA Metro system, security firm says"},"content":{"rendered":"

Iranian government, not hacktivist group, breached LA Metro system, security firm says<\/a><\/p>\n

https:\/\/www.cybersecuritydive.com\/news\/iranian-government-not-hacktivist-group-breached-la-metro-system-securit\/821112\/<\/a><\/p>\n

Publish Date: 2026-05-26 11:47:00<\/a><\/p>\n

Source Domain: www.cybersecuritydive.com<\/a><\/p>\n

Author: <\/a><\/p>\n

Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n

Dive Brief:<\/p>\n

Iranian government-linked hackers sabotaged the computer infrastructure of Los Angeles\u2019s transit system by using access to a virtual machine to delete critical operating-system data, the Israeli cybersecurity firm Gambit Security said in a report published on Tuesday.
\nThe same threat actor also conducted data-wiping attacks on the South Florida Regional Transportation Authority, the connected-vehicle technology firm Agnik and a Saudi Arabian construction company that handles critical infrastructure projects, according to the report.
\nGambit dismissed the hackers\u2019 claims of being a new pro-Iranian hacktivist gang, instead attributing their operations to Black Shadow, a group that the Israeli government and private security firms have linked to Iran\u2019s Ministry of Intelligence and Security.<\/p>\n

Dive Insight:
\nThe U.S.-Israeli war against Iran has emboldened Tehran\u2019s hackers to pursue cyberattacks against critical infrastructure in the U.S. and other Western countries, leading to a series of breaches at infrastructure operators. That has included water and energy utilities, as federal agencies previously warned, but also transportation systems such as those in Los Angeles and southern Florida.
\nAt Agnik, the Iran-linked hackers used Python scripts to delete operating-system folders, databases and backup files for the company\u2019s Vyncs car GPS tracker service. Agnik shut down the service and worked with the FBI to investigate the intrusion, the company said in a summary of the April 2 attack. Agnik downplayed the hackers\u2019 damage, saying, \u201cOther than some small amount of data for [a] short period of time, we did not permanently lose any significant amount of data.\u201d
\nThe hackers used ChatGPT to improve their Python scripts, according to Gambit\u2019s analysis of a video that the group released. \u201cWe assume the actor asked for help filtering out SQL Server system databases from the enumeration so that DROP DATABASE would target only user databases,\u201d the security firm said.
\nBy accessing the hackers\u2019 staging infrastructure, Gambit was able to identify additional victims, including an Israeli media company, an Israeli university and a Turkish insurance firm. The hackers stole data from these organizations but did not wipe any of their servers, Gambit said.<\/p>\n

<\/p>\n","protected":false},"excerpt":{"rendered":"

Iranian government, not hacktivist group, breached LA Metro system, security firm says https:\/\/www.cybersecuritydive.com\/news\/iranian-government-not-hacktivist-group-breached-la-metro-system-securit\/821112\/ Publish Date:…<\/p>\n","protected":false},"author":1,"featured_media":220614,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/ZuwoEFbP19wVjKSdAa63AUlY8gwtHScL1nvJeXDlsMs\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzE5NzU4MTE2LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,34],"class_list":["post-220613","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-threat-actor"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220613"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=220613"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220613\/revisions"}],"predecessor-version":[{"id":220615,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/220613\/revisions\/220615"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/220614"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=220613"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=220613"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=220613"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}