Iranian-Linked Hackers Target Critical Infrastructure in Data-Wiping Attacks
A recent report by Israeli cybersecurity firm Gambit Security reveals that Iranian government-linked hackers conducted destructive cyberattacks on multiple critical infrastructure targets, including Los Angeles’s transit system. The threat actor exploited access to a virtual machine to delete critical operating-system data, disrupting operations.
The same group also launched data-wiping attacks against:
- The South Florida Regional Transportation Authority
- Agnik, a connected-vehicle technology firm
- A Saudi Arabian construction company involved in critical infrastructure projects
Gambit Security attributes the attacks to Black Shadow, a hacking group previously linked to Iranian state interests, dismissing claims that the perpetrators were a new pro-Iranian hacktivist collective. The incidents highlight escalating cyber threats targeting transportation and infrastructure sectors.
Agnik TPRM report: https://www.rankiteo.com/company/agnik-llc
"id": "agn1779813567",
"linkid": "agnik-llc",
"type": "Cyber Attack",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Transportation',
'location': 'Los Angeles, USA',
'name': 'Los Angeles’s transit system',
'type': 'Public Transportation'},
{'industry': 'Transportation',
'location': 'South Florida, USA',
'name': 'South Florida Regional Transportation '
'Authority',
'type': 'Public Transportation'},
{'industry': 'Connected-Vehicle Technology',
'name': 'Agnik',
'type': 'Private Company'},
{'industry': 'Construction',
'location': 'Saudi Arabia',
'name': 'Saudi Arabian construction company',
'type': 'Private Company'}],
'attack_vector': 'Exploitation of virtual machine access',
'data_breach': {'sensitivity_of_data': 'Critical',
'type_of_data_compromised': 'Operating-system data'},
'description': 'A recent report by Israeli cybersecurity firm Gambit Security '
'reveals that Iranian government-linked hackers conducted '
'destructive cyberattacks on multiple critical infrastructure '
'targets, including Los Angeles’s transit system. The threat '
'actor exploited access to a virtual machine to delete '
'critical operating-system data, disrupting operations. The '
'same group also launched data-wiping attacks against the '
'South Florida Regional Transportation Authority, Agnik (a '
'connected-vehicle technology firm), and a Saudi Arabian '
'construction company involved in critical infrastructure '
'projects. Gambit Security attributes the attacks to Black '
'Shadow, a hacking group previously linked to Iranian state '
'interests.',
'impact': {'data_compromised': 'Critical operating-system data deleted',
'operational_impact': 'Disrupted operations',
'systems_affected': 'Virtual machines, critical infrastructure '
'systems'},
'initial_access_broker': {'entry_point': 'Virtual machine'},
'motivation': 'Disruption of critical infrastructure, state-sponsored cyber '
'operations',
'references': [{'source': 'Gambit Security'}],
'threat_actor': 'Black Shadow',
'title': 'Iranian-Linked Hackers Target Critical Infrastructure in '
'Data-Wiping Attacks',
'type': 'Data-Wiping Attack'}