Iranian hackers have been blamed for a breach of Los Angeles’ transportation system that took weeks to recover

Security researchers say the hack of Los Angeles’ transit system (the Los Angeles County Transit Authority, or LACMTA) in March was the work of Iranian-backed hackers. Israeli startup Gambit Security said in a report on Tuesday that the hackers worked for the Iranian Ministry of Intelligence and State Security.

Reuters first reported on the maneuver report.

A group of hacking activists calling themselves “Ababil Minab” claimed responsibility for the previous hack, saying it stole data from LACMTA systems and then deleted it. The group’s name is a reference to the US air strike on an Iranian school in the city of Minab that killed more than 175 people, most of them children.

“They are not a new, independent crew of hacktivists as they claim,” Gambit said.

Ababil Minab did not respond to a request for comment when contacted by TechCrunch.

Gambit said its claims are based on forensic evidence linking the group to a previous Iran-linked campaign, as well as activity attributed to the Intelligence Ministry by Israel’s National Cyber ​​Directorate. Gambit said it investigated other attacks against companies in Israel, Saudi Arabia and Turkey.

If Gambit’s assessment is correct, Ababil Minab would be the latest in a series of fake hacking groups working for the Iranian government. The most recent example is Handala, which earlier this year hacked US medical technology giant Stryker, wiping thousands of company systems and employee devices.

Following the Stryker hack, the FBI seized two Hanzala websites, and the US Department of Justice accused the Iranian government of being behind the hacking group and its attacks.

Iran-linked hackers increased their activities and alleged intrusions after the United States and Israel began bombing Iran earlier this year. In April, a coalition of US agencies warned that Iranian hackers were targeting US critical infrastructure.