Particle.news
Download on the App Store
4 ARTICLES
·
2d ago

Gambit Links March Hack of Los Angeles Transit to Iran-Linked Operatives

Forensic links to Iran's intelligence services suggest a state role that has prompted an FBI-coordinated probe.

The website used by the Handala Hack Team, an Iran-linked hacker group which has claimed credit for the breach of FBI Director Kash Patel?s personal email, is shown on a screen in Washington D.C., U.S., March 27, 2026. REUTERS/Raphael Satter/File Photo
One of the first trains open to the public arrives to the Wilshire/Fairfax station during the opening of the Metro D Line subway extension in Los Angeles on May 8, 2026. (Photo by Patrick T. Fallon / AFP / Getty Images)

Overview

  • Gambit Security published a report Tuesday saying it found roughly 700 gigabytes of LACMTA emails, backups and files that were exfiltrated in the March intrusion and later exposed online.
  • The intrusion was detected around March 16 and disabled some customer-facing systems such as arrival screens and fare reload functions while trains and buses continued to run.
  • Gambit's forensic analysis ties the server that held the stolen data to infrastructure and activity previously linked to Iran and to operations attributed to Iran’s Ministry of Intelligence and State Security by Israel’s cyber directorate.
  • The FBI says it is coordinating with partners on the incident, and LACMTA continues system recovery work while declining to speculate on attribution as investigations proceed.
  • Security firms and reporters place the breach in a broader uptick of alleged Iran-linked cyber operations since late February, a trend that raises fresh concerns about attacks on U.S. critical infrastructure and could prompt expanded defensive measures and investigations.