Iran-Linked Cyberattackers Wipe IT and Backups at US Transit Agencies and GPS Firm

Iran-linked hackers destroyed IT, backup, and recovery systems at LA Metro, South Florida transit, and a GPS tracking firm in a campaign that prevented data restoration.

CSBadmin

Destructive Campaign Targets Transportation Infrastructure

A coordinated cyberattack campaign linked to Iranian state actors has struck multiple organizations across the United States, Israel, and Turkey, with a focus on destroying IT systems, backups, and recovery infrastructure. The attacks, attributed to a persona called Ababil of Minab, have hit the Los Angeles County Metropolitan Transportation Authority (LA Metro) and the South Florida Regional Transportation Authority, among others. At LA Metro, attackers deleted virtual machines from inside the agency’s management console, disrupting fare loading on the TAP Mobile App. The campaign also affected Vyncs, a consumer GPS tracking service, as well as a company called UNIMAC and additional victims in the media, higher education, and insurance sectors.

How the Attackers Eliminated Recovery Options

Forensic analysis by Gambit Security indicates that Ababil of Minab is linked to Black Shadow, a group attributed to Iran’s Ministry of Intelligence and Security. The attackers combined automated scripts with manual, hands-on-keyboard activity to systematically destroy virtualization, backup, and database infrastructure. They hunted down backup systems, dropped database chains, and deleted operating system files to prevent restoration. In one case, the attacker used an AI chatbot to refine a custom destruction script. The operation goes beyond typical data theft, leaving victims with severely limited ability to recover their systems.

Source: Cyber Security News
