{"id":256891,"date":"2026-05-27T09:51:00","date_gmt":"2026-05-27T13:51:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/05\/27\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on\/"},"modified":"2026-05-27T10:45:17","modified_gmt":"2026-05-27T14:45:17","slug":"the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/05\/27\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on\/","title":{"rendered":"The LA Metro Attack Wasn&#8217;t Hacktivism. It Was a State Operation With a Costume On."},"content":{"rendered":"<p><a href=\"https:\/\/securityaffairs.com\/192764\/hacktivism\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on.html?amp\">The LA Metro Attack Wasn&#8217;t Hacktivism. It Was a State Operation With a Costume On.<\/a><\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192764\/hacktivism\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on.html?amp\">https:\/\/securityaffairs.com\/192764\/hacktivism\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on.html?amp<\/a><\/p>\n<p>Publish Date: 2026-05-27 09:51:00<\/p>\n<p>Source Domain: <a href=\"securityaffairs.com\">securityaffairs.com<\/a><\/p>\n<p><h2>The LA Metro Attack Wasn\u2019t Hacktivism. 
It Was a State Operation With a Costume On.<\/h2>\n<\/p>\n<p>\t\t\t\t\t\t\t<span> Pierluigi Paganini<\/span><br \/>\n\t\t\t\t\t\t\t<span><img decoding=\"async\" src=\"https:\/\/securityaffairs.com\/wp-content\/themes\/security_affairs\/images\/clock-icon.svg\" alt=\"\"\/> May 27, 2026<\/span><\/p>\n<p>\t\t\t\t\t\t<img decoding=\"async\" class=\"img-fluid mb-4\" src=\"https:\/\/i0.wp.com\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/iran-cyber-warfare.jpg?fit=500%2C340&#038;ssl=1\" alt=\"\"\/><\/p>\n<h2 class=\"wp-block-heading\">Iran\u2019s \u201chacktivist\u201d group Ababil of Minab, which hit LA Metro and wiped terabytes of data, is forensically linked to Iran\u2019s intelligence service MOIS.<\/h2>\n<p class=\"wp-block-paragraph\">In late March, a group calling itself Ababil of Minab posted videos and screenshots online claiming it had broken into the Los Angeles County Metropolitan Transportation Authority, wiped hundreds of terabytes of data, and stolen more than a terabyte of files. It framed itself as a pro-Iran hacktivist collective. Researchers at Israeli firm Gambit Security took one look at the infrastructure and didn\u2019t buy it.<\/p>\n<p class=\"wp-block-paragraph\">LA Metro confirmed the breach on April 2, 2026. The attack forced the authority to check hundreds of servers for signs of compromise before bringing them back online. Rail and bus services kept running, but internal operations were disrupted for weeks. The timing of the intrusion is visible in the attacker\u2019s own footage: at 03:37 AM on March 17, LA Metro posted on X that service alerts were delayed and riders couldn\u2019t load fares on the TAP Mobile App. That tweet went up hours after the attacker had already deleted virtual machines from LA Metro\u2019s vCenter environment. The destruction wasn\u2019t random clicking. <\/p>\n<p class=\"wp-block-paragraph\">\u201cThe actor carried out destruction using two methods: scripted automation and hands-on keyboard. 
In the scripted mode, the operator runs a program that iterates through an inventory and issues the destructive command against each entry.\u201d reads the report published by Gambit Security. \u201cIn the interactive mode, the operator opens the management consoles and operating system tools a legitimate administrator would use and deletes resources by pointing and clicking through them.\u201d<\/p>\n<p class=\"wp-block-paragraph\">The attacker opened vCenter, selected virtual machines, issued Power Off followed by Delete from Disk, and watched&#8230;<\/p>\n<p><a href=\"https:\/\/securityaffairs.com\/192764\/hacktivism\/the-la-metro-attack-wasnt-hacktivism-it-was-a-state-operation-with-a-costume-on.html?amp\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The LA Metro Attack Wasn&#8217;t Hacktivism. It Was a State Operation With a Costume On&#8230;.<\/p>\n","protected":false},"author":1,"featured_media":256892,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/securityaffairs.com\/wp-content\/uploads\/2015\/03\/iran-cyber-warfare.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30],"class_list":["post-256891","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/256891"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=256891"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/256891\/revisions"}],"predeces
sor-version":[{"id":256893,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/256891\/revisions\/256893"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/256892"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=256891"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=256891"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=256891"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}