UNITED STATES, April 2026 — A cyber threat actor known as Ababil of Minab has claimed to have breached the internal systems of the Los Angeles County Metropolitan Transportation Authority (LACMTA), reportedly accessing critical virtualisation infrastructure, web servers, and a rail yard management system. The group has shared screenshots and video evidence of this access on its Telegram channel and website.
Dataminr, a cyber-intelligence monitoring firm, reports that the group has allegedly gained administrative control over LACMTA's VMware vCenter environment, which manages numerous virtual machines, as well as Microsoft IIS web servers supporting internal and public applications. The released images include real-time displays from the rail yard showing train positions and track occupancy, raising concerns about the security of operational technology (OT).
Ababil of Minab also claims to have exfiltrated and deleted terabytes of data, but LACMTA has not confirmed any breach or operational impact. Cybersecurity experts caution that the evidence may originate from compromised systems rather than verified LACMTA infrastructure, leaving the group's true capabilities and intentions ambiguous.
This incident highlights the vulnerabilities faced by rail operators as information technology (IT) and operational technology (OT) systems become increasingly integrated. As transit agencies rely more heavily on digital platforms for critical functions, it is essential to implement robust cybersecurity measures, including network segmentation, continuous monitoring, and incident response planning, to protect critical systems and maintain public trust.
The claims of cyber intrusions serve as a reminder for the rail sector to enhance cybersecurity resilience in procurement, operations, and governance frameworks. With the expansion of digital capabilities and inter-agency dependencies, investments in protective technologies, threat intelligence sharing, and regulatory compliance will remain key to effective rail infrastructure planning globally.


Cyber Threat Claims Highlight Rail Control Vulnerabilities In U.S. Transit Network
Growing connectivity and digitisation in rail operations have broadened the attack surface for cyber adversaries, raising concerns among transport infrastructure planners and operators globally. A pro-Iranian threat actor has recently claimed a cyberattack on the Los Angeles County Metropolitan Transportation Authority’s control systems, underscoring emerging risks to rail operational technology and critical transit infrastructure. Verified impact remains unconfirmed, but the incident illustrates the heightened emphasis on cybersecurity resilience in rail systems.






