Israeli cybersecurity researchers have linked a major cyberattack on the Los Angeles County Metropolitan Transportation Authority (LACMTA) to Iranian hackers, adding to growing concerns about escalating cyber warfare tied to tensions between the United States and Iran.

According to a report published Tuesday by Tel Aviv-based cybersecurity firm Gambit Security, Iranian-linked hackers were behind a March breach that disrupted parts of Los Angeles’ public transit network and exposed massive amounts of sensitive data.

The researchers said the attackers stole at least 700 gigabytes of emails, backups and internal files from LACMTA systems before portions of the compromised data were accidentally exposed online.

Transit Systems Temporarily Disrupted

Although train and bus operations reportedly continued during the incident, the cyberattack disrupted several digital services connected to the transit system.

Local reports indicated that some passenger arrival screens went offline, while customers experienced problems adding funds to transit cards and accessing parts of the agency’s network infrastructure.

LACMTA officials have not publicly confirmed the attribution to Iran. In previous statements, transit authorities said they were working alongside law enforcement agencies and cybersecurity specialists to investigate the breach and restore affected systems.

“Attribution is part of the investigation and we will not speculate,” transit officials said in an earlier statement.

Researchers Trace Attack to Iran-Linked Operation

Gambit Security said investigators discovered a “digital trail” connecting the exposed server to a previously known hacking campaign that Israeli researchers and officials have attributed to Tehran.

The cyberattack was reportedly claimed by a pro-Iran hacking group known as “Ababil of Minab,” which has also been connected to other attacks targeting transportation and infrastructure systems.

The researchers said the group appeared to use destructive cyber tools capable of wiping systems and damaging networks after extracting data.

Iran’s mission to the United Nations did not immediately respond to requests for comment regarding the allegations.

Growing Cyber Conflict Between Iran and the West

The latest findings come amid rising cyber tensions linked to the broader conflict involving Iran, the United States, and Israel.

Security analysts say Iranian-linked cyber groups have increasingly targeted Western infrastructure, transportation systems, government officials and private companies since military tensions escalated earlier this year.

The same Iran-linked networks have previously been accused of targeting U.S. infrastructure systems, hacking personal accounts of senior officials, and launching disruptive attacks against organizations in Israel and Saudi Arabia.

Cybersecurity experts warn that transportation networks remain especially vulnerable because of their heavy dependence on interconnected digital systems for scheduling, payment processing, communications, and operational control.

Cybersecurity Threats Increasing Globally

The Los Angeles breach highlights the growing role of cyber warfare in international conflicts, where governments and affiliated hacker groups increasingly target civilian infrastructure to create disruption without direct military confrontation.

Analysts say attacks on transit systems are particularly concerning because they can affect millions of commuters, disrupt economic activity and undermine public confidence in essential services.

The incident also raises renewed questions about the ability of local governments and public agencies to defend critical infrastructure against sophisticated state-linked cyber threats.

As investigations continue, U.S. federal agencies are reportedly coordinating with cybersecurity firms and transit officials to determine the full scope of the breach and whether additional systems may have been compromised.

________________________________________________________________________________________________________________