The Israeli firm Gambit Security said on Tuesday that a group tied to the Iranian regime carried out a cyber attack against the Los Angeles County Metropolitan Transportation Authority in March.
The Los Angeles Times reported in early April that a spokesman for the authority had confirmed the hack and said that it had “proactively limited employee access to many internal administrative computer systems after the agency’s security team discovered unauthorized activity.”
“Throughout this time, Metro’s essential rail and bus service has continued to run uninterrupted, as have our vital transit safety and security systems,” the Los Angeles County Metropolitan Transportation Authority spokesman told the paper.
Gambit Security released a report stating that Ababil of Minab claimed responsibility and said it had hacked data from the authority’s systems.
The group’s attack was part of a broader operation targeting organizations in the United States, Israel, Saudi Arabia and Turkey, per the Israeli firm.
“Our investigation found that Ababil of Minab is unlikely to be a new, standalone hacktivist crew as they claim,” Gambit Security stated.
“Forensic evidence ties the current operation to infrastructure and activity associated with a previous Iran-linked campaign, including activity publicly attributed by the Israel National Cyber Directorate to Iran’s Ministry of Intelligence and Security,” it said.
A spokesman for the authority told JNS that it “is still conducting its own investigation and won’t speculate on attribution while it’s ongoing.”
Annie Fixler, a senior fellow at the Foundation for Defense of Democracies and director of its cyber and technology innovation center, told JNS that “this is an example of how in the cyber domain we simultaneously over- and underestimate the threat from Iran.”
“Hackers backed by the ministry of intelligence of an American adversary hacked one of the largest metro systems in the country, and Washington has said nothing about it,” Fixler said. “We ignore these attacks at our peril. Iran will continue conducting cyber operations because it allows Tehran to punch back and do damage without soliciting a counter-response. If we responded, Tehran might have to reconsider.”
She added that “we need to be careful not to overblow the threat from Iranian hackers. Iran is better at the PR of cyber than the actual operations.”
“Iranian hacktivists and state-backed hackers regularly overstate the operational impact—claiming to cause outages, disruptions or even destruction of physical systems when in reality, they have often conducted a much more simplistic operation,” Fixler told JNS.
