1. Threat Overview
Iranian state-sponsored hackers are linked to a cyberattack on LA Metro, using infrastructure claimed by a hacktivist group. The attack vector is unclear, but it is believed to be a targeted operation. The LA Metro network is affected.
2. Key Intelligence Points
1. The attack is linked to Iranian government threat actors, using infrastructure claimed by a hacktivist group.
2. The impact scope is limited to LA Metro's network, with no reported data breaches or ransom demands.
3. The attack chain involves the use of infrastructure linked to Iranian government threat actors.
4. Detection opportunities include monitoring for suspicious network activity and analyzing system logs for signs of unauthorized access.
3. MITRE ATT&CK Techniques
T1592 - Non-Executive IT Management: Use of compromised credentials or infrastructure
4. Indicators of Compromise (IOCs) / Affected Systems
IP addresses linked to Iranian government threat actors and domains used in the attack (no specific values are given in this report).
5. Mitigation & Detection
Implement network monitoring and logging to detect suspicious activity, and analyze system logs for signs of unauthorized access.