The LA Metro Attack Wasn’t Hacktivism. It Was a State Operation With a Costume On.

The report links the Ababil of Minab campaign that wiped hundreds of terabytes and exfiltrated data from LA Metro and other victims to Iran’s MOIS/Black Shadow, describing hands‑on and scripted destructive techniques, bespoke tooling (wipers, FileFiend, a Flask-based exfiltration server), staging infrastructure and indicators used for attribution.