Pro-Iranian Group Claims Devastating Cyberattack on LA Metro — Alleges 500TB Data Wiped, Rail Systems Accessed

Summary

A pro-Iranian threat actor identifying itself as Ababil of Minab has claimed responsibility for a cyberattack against the Los Angeles County Metropolitan Transportation Authority (LACMTA). The group alleges it gained access to critical systems including virtualization infrastructure, web servers, and an operational rail yard management system used to control train movements.

According to the group’s claims, they wiped approximately 500 terabytes of data and exfiltrated 1 TB of sensitive information from LACMTA systems. If verified, this would represent one of the most destructive cyberattacks against U.S. public transit infrastructure in history. The attack comes amid an escalating pattern of Iranian-linked cyber operations targeting American critical infrastructure, following the broader Middle East conflict.

As of reporting, LACMTA has not publicly confirmed the breach or the extent of damage claimed. However, the World Economic Forum has separately highlighted the growing pattern of cyberattacks targeting U.S. infrastructure amid regional geopolitical tensions.

Sources

• Industrial Cyber — Ababil of Minab Claims Cyberattack on LACMTA
• World Economic Forum — Cyberattacks Target US Infrastructure

Commentary

Even with the caveat that threat actor claims should be treated skeptically until independently verified, this is deeply concerning. Access to rail yard management systems isn’t just a data theft issue — it’s a physical safety issue. The claimed 500TB wipe, if real, suggests destructive intent beyond espionage or extortion. This fits the pattern we’ve seen with Iran-linked groups like Handala, who recently wiped 80,000 Stryker medical devices: the goal is disruption and damage, not ransom.

U.S. transit authorities and critical infrastructure operators need to take this as a wake-up call. The gap between IT and OT security in public transit systems has been a known weakness for years, and groups like Ababil of Minab are clearly probing and exploiting it. Whether or not every detail of their claim holds up, the fact that they had enough access to make the claim credibly is alarming enough.