Transport — Iran-MOIS destructive breach against LACMTA with deliberate backup and VM destruction
From CTI Weekly Summary — 2026-W22 (May 25 – May 31, 2026) · published 2026-05-25
The window's standout transport-sector event was destructive, not extortive. Gambit Security attributed the LACMTA (Los Angeles Metro) breach to Iran's MOIS operating behind the "Ababil of Minab" hacktivist front, with ~700 GB exfiltrated and backups and virtual machines deliberately destroyed (2026-05-28). The relevance for European public-transit and public-sector defenders is the recovery-planning implication: where the adversary's objective is destruction rather than ransom, restoration assumes offline / immutable backups and rebuild-from-known-good capacity — controls that an extortion-only threat model under-provisions. The "hacktivist front for state destruction" pattern also complicates attribution and the public-comms response.