Pro-Iranian Group Ababil of Minab Claims Cyberattack on LACMTA

Pro-Iranian Group Ababil of Minab Claims Cyberattack on LACMTA

First seen 15 Apr 2026, 14:16 UTC Industrialcyber.CoRoute-FiftyDefenseonewww.dataminr.com 83% similarity 72.5

Article Content

Browse articles
ThreatCluster

On April 9, 2026, the pro-Iranian hacking group Ababil of Minab claimed responsibility for a cyberattack on the Los Angeles County Metropolitan Transportation Authority (LACMTA). The group alleged access to critical systems, including virtualization infrastructure, web servers, and rail yard management systems. They published evidence, including screenshots and videos, via their Telegram channel and website, asserting they had compromised internal systems. The attackers claimed to have wiped 500 TB of data and exfiltrated 1 TB of sensitive information. However, LACMTA has not confirmed the breach as of April 15, 2026. The attack raises concerns about operational technology exposure and safety implications for rail operations. The group's messaging indicates potential for further attacks, aligning with known patterns of Iranian-aligned cyber operations. The presence of an 'Activate Windows' watermark in the screenshots suggests they were taken from an attacker-controlled environment rather than legitimate LACMTA systems.

Key Points: • Ababil of Minab claims to have compromised LACMTA's critical systems. • The group alleges to have wiped 500 TB of data and exfiltrated 1 TB of sensitive information. • LACMTA has not confirmed the breach, and the attack raises operational safety concerns.

ThreatCluster AI

Timeline

2026-04-09
Ababil of Minab claims cyberattack on LACMTA.
2026-04-15
LACMTA has not confirmed or denied the breach.

Community

Browse all →