- Multiple Iranian news sites and the BadeSaba app were hacked during US Israeli strikes.
- Internet connectivity across Iran dropped sharply at two key moments.
- Security firms warn of possible Iranian cyber retaliation against US and Israeli targets.
- Past Iranian cyber responses have been limited, but current activity suggests rising risk.
Iran’s digital front lit up in the early hours of Saturday as cyber operations rippled across the country, unfolding alongside joint US and Israeli military strikes on Iranian targets. News sites were defaced, a popular religious app was hijacked, and internet connectivity across large parts of the country faltered in what security experts describe as a coordinated wave of cyber activity.
While the physical strikes dominated global headlines, the parallel online campaign signaled that the conflict is playing out just as aggressively in cyberspace.
News sites defaced and popular app compromised
Several Iranian news websites were altered to display politically charged messages, according to cybersecurity observers tracking the incident. But the most striking breach involved BadeSaba, a religious calendar app with more than five million downloads and a strong following among government supporters.
Instead of prayer times and religious guidance, users were greeted with messages urging Iran’s armed forces to lay down their weapons and join civilians. One message read, “It’s time for reckoning,” transforming a trusted religious tool into a digital platform for dissent.
Security researcher Hamid Kashfi described the move as strategically calculated. BadeSaba’s user base is largely religious and often aligned with government views. Targeting that audience carries psychological weight, potentially amplifying internal pressure at a sensitive moment.
Reuters was unable to reach BadeSaba’s leadership for comment. A spokesperson for US Cyber Command did not immediately respond to requests for clarification on whether American forces were involved in the cyber operations.
Internet connectivity drops sharply
Beyond website defacements and app breaches, Iran experienced significant internet disruption. Doug Madory, director of internet analysis at Kentik, noted two sharp drops in connectivity at 0706 GMT and again at 1147 GMT. At certain points, only minimal connectivity remained.
The cause of the outages remains unclear. Such disruptions can result from deliberate state action, defensive measures to contain cyberattacks, or infrastructure damage tied to military activity. In previous periods of unrest, Iranian authorities have restricted internet access to control the flow of information. It is not yet known whether this latest disruption followed a similar pattern.
The timing, however, suggests the digital instability was closely linked to the broader escalation unfolding on the ground.
Retaliation fears grow across cybersecurity sector
As Tehran weighs its response, cybersecurity firms are warning that the online phase of the conflict may only be beginning.
Rafe Pilling, director of threat intelligence at Sophos, said proxy groups and hacktivists aligned with Iran could soon target US and Israeli military, commercial, and civilian infrastructure. These operations may range from amplifying previously leaked data to attempting to disrupt internet facing industrial systems.
CrowdStrike’s Adam Meyers said his firm is already observing reconnaissance activity and distributed denial of service attacks linked to Iranian aligned actors. DDoS campaigns, which overwhelm online services with traffic, are often used as both symbolic and disruptive tools during geopolitical crises.
Anomali reported that state backed Iranian hacking groups had launched wiper attacks aimed at Israeli targets ahead of the military strikes. Wiper malware is designed to permanently erase data, making recovery difficult and signaling an intent to inflict lasting damage rather than simply steal information.
Cynthia Kaiser, a former senior FBI cyber official and now an executive at Halcyon, noted an uptick in activity across the Middle East. She also pointed to renewed calls to action from pro Iranian online personas known for hack and leak campaigns and ransomware attacks.
A familiar but restrained digital response
Despite Iran’s reputation as a capable cyber power often mentioned alongside Russia and China in US threat assessments, its past responses to direct military strikes have been comparatively restrained.
Following US strikes on Iranian nuclear facilities in June, analysts observed little in the way of major disruptive cyberattacks. Aside from a short lived service interruption in Tirana, Albania, the anticipated large scale digital retaliation did not materialize.
This history of muted response has led some experts to caution against assuming immediate escalation. Tehran may calculate that overt cyber aggression against Western targets risks triggering further retaliation.
Yet the present surge in activity suggests a more complex picture. Even if the Iranian government itself moves cautiously, loosely affiliated groups and ideologically driven hacktivists may act independently, creating a volatile and unpredictable digital battlefield.
What is clear is that the line between physical and cyber warfare continues to blur. Saturday’s events underscore how modern conflicts now unfold simultaneously across missiles, media, and malware.
Follow TechBSB For More Updates
