Iranian hackers responsible for Los Angeles transit system breach, Israeli researchers say

2026-05-26T10:08:21.386Z / reuters.com

The website used by the Handala Hack Team, an Iran-linked hacker group which has claimed credit for the breach of FBI Director Kash Patel’s personal email, is shown on a screen in Washington D.C., U.S., March 27, 2026. REUTERS/Raphael Satter/File Photo

  • Israeli firm links breach to Iranian state-backed hackers
  • Hackers claimed to have wiped large amounts of the transit system’s data in March cyberattack
  • Ababil group also claimed hacks against Tri-Rail, Vyncs, and Unimac

May 26 (Reuters) – Iranian hackers were responsible for a disruptive computer breach in March that forced Los Angeles’ transit system to shut down parts of its network, Israeli researchers say.

The saboteurs stole at least 700 gigabytes of emails, backups, and other files from the Los Angeles County Metropolitan Transportation Authority (LACMTA), according to Gambit Security, a Tel Aviv-based cybersecurity firm that said it discovered the misappropriated data after it was inadvertently exposed online.

In a report published on Tuesday, the company said a digital trail of evidence tied the server where the data was discovered to a previously known hacking operation that Israeli officials and researchers attributed to Tehran.

Iran’s mission to the United Nations did not return messages seeking comment. Israel’s National Cyber Directorate did not return messages.

The Los Angeles transit authority didn’t respond to questions about the findings. In a statement shared last month, its officials said they were working with law enforcement and cyber specialists as they brought their systems back online. “Attribution is part of the investigation and we will not speculate,” the statement said.

Digital security specialists have suspected an Iranian hand in the operation against the LACMTA ever since responsibility was claimed by an obscure pro-Iran outfit calling itself Ababil of Minab. The group’s name refers to the bombing of a girls’ school in the Iranian city of Minab that officials there say killed more than 175 children and teachers, and its rhetoric and modus operandi are characteristic of self-styled vigilante hacker groups that U.S. and Israeli researchers allege are cut-outs for Iranian spies.

Eyal Sela, Gambit’s director of threat intelligence, said a connection between Ababil and the Iranian state “has been a working assumption.”

“What our research adds is the forensic evidence to support it,” he said.

Gambit, a security startup founded in part by veterans of Unit 8200, Israel’s equivalent of the U.S. National Security Agency, said it had alerted relevant authorities to its findings.

Ababil did not return messages left via a form on its website. The FBI said it was aware of the LACMTA incident and was “coordinating with partners in response.” The FBI declined further comment. The U.S. civilian cyber defense body, the Cybersecurity and Infrastructure Security Agency, did not return messages seeking comment.

IRANIAN HACKERS ALLEGEDLY ACTIVE SINCE START OF WAR

The intrusion at LACMTA was detected around March 16, its officials said in their statement. About two weeks later, Ababil materialized online and claimed to have wiped an enormous amount of data in a destructive cyberattack, publishing a video that purported to show them rampaging through the transit system’s network.

Although Los Angeles transit officials said the breach did not interrupt circulation of trains or buses, local media said it disabled at least some arrival screens and prevented customers from putting money on their transit cards.

Ababil also has claimed credit for hacks affecting South Florida’s Tri-Rail commuter transit system, vehicle tracking company Vyncs, and Saudi infrastructure firm Unimac.

In a statement, Tri-Rail confirmed it had been hacked “about a month ago,” but said that none of the affected data was critical. Vyncs owner Agnik said it had detected its breach on April 2 but declined to comment on the nature of the data stolen by the hackers. Both Tri-Rail and Agnik said the FBI was involved, with Agnik saying in an email that the bureau “has a pretty good understanding of who these criminals are.” Unimac did not return messages seeking comment.

The group behind Ababil has hacked other organizations whose identity it has not publicized, Gambit Security said, citing its analysis of other data left online by the spies. Sela said they included a media organization and educational institution in Israel and an insurance brokerage in Turkey, but he declined to identify them further.

Iranian hackers allegedly have carried out a drumbeat of digital operations since the U.S. and Israel launched a war against Iran in late February, including a damaging attack on the medical device company Stryker (SYK.N) and the leak of personal emails belonging to FBI Director Kash Patel. Iranian hackers also are suspected of having remotely tampered with fuel gauges at gas stations, CNN reported earlier this month.

Reporting by Raphael Satter in Washington and AJ Vicens in Detroit; Additional reporting by Jana Winter in Washington; Editing by Paul Simao
