Ababil of Minab

Ababil of Minab is a new pro-Iranian hacking group. The group named itself after the missile attack on Shajareh Tayyebeh School in Minab, Hormuzgan province in Southern Iran, which occurred on 28 February 2026 and resulted in the death of 168 school girls.
Ababil of Minab appears to be sponsored by or aligned with Iranian state interests. The group explicitly states that its actions are a response to aggression. Unlike traditional ransomware groups, its primary objective is not financial gain but rather the mass destruction of data (wiping) and the public humiliation of its victims.
List of names used by the industry:
آبابیل میناب
Date founded:
Ababil of Minab’s Telegram and X profiles were created on 30 March 2026.
Social media handles/websites:
Telegram: t.me/ababilofminab
Website: ababilofminab.io
Previous operations:
9 April 2026: the group claimed responsibility for a cyber attack against the Los Angeles County Metropolitan Authority. You can read more about this attack in our previous article, here.
11 April 2026: the group posted again, claiming that they had hacked the website vyncs.com, a smart GPS vehicle tracking platform that monitors location, driving behaviors and car health. Vyncs is one of the biggest GPS tracking technology companies in the US and more than 170,000 people in the country use it. It offers features such as trip history and theft alerts through its app. The group then published photos and videos detailing the hack, stating they had accessed over 75 servers, exfiltrated 4TB of data and wiped over 250TB of data. They also sent over 1 million notifications in the app. They claim to have essentially carried out a full website defacement.

20 April 2026: the group claimed a hack on the US company UNIMAC, a maintenance and contracting company based in Saudi Arabia. The group claims it gained access to internal servers, extracted around 100GB of data, deleted 60TB of data, and compromised 17 servers, rendering them inoperable.

Tactics/Techniques/Tradecraft/Procedures (TTPs):
- Exploitation of Vulnerabilities: the group leverages critical flaws in management and collaboration software.
- “Double damage” Strategy: the group exfiltrates massive volumes of sensitive data (user PII and intellectual property) and then wipes the infrastructure using secure deletion to prevent recovery.
- Notification Spam: in the attack on Vyncs, they sent more than 1 million push notifications to users’ devices.
Sources:
- ababilofminab.io
- Industrialcyber.com/industrial-cyber-attacks/ababil-of-minab
- Enigma-global.com/preview/report/pro-iranian-group-ababil-of-minab-claims-cyberattack-on-la-metro

