A series of cyberattacks hit Iran early Saturday, happening at the same time as joint U.S. and Israeli military strikes on targets inside the country, according to cybersecurity experts.
Several Iranian news websites were hacked and altered to display unexpected messages. One of the most striking incidents involved BadeSaba, a well-known religious calendar app with more than five million downloads. Users who opened the app saw messages saying, “It’s time for reckoning,” along with calls urging armed forces to lay down their weapons and stand with the public.
Internet access across Iran also dropped sharply during the day. According to internet analyst Doug Madory from Kentik, connectivity fell dramatically at around 12:51 PM Nepal Standard Time and again at 5:32 PM Nepal Standard Time. After these disruptions, only limited internet service remained in many parts of the country.
Reuters said it could not reach the chief executive of BadeSaba for comment. A spokesperson for U.S. Cyber Command also did not immediately respond to questions.
Security researcher Hamid Kashfi, founder of cybersecurity firm DarkCell, said targeting the BadeSaba app appeared to be a calculated move. He explained that the app is popular among religious and pro government supporters, suggesting the hackers were trying to send a direct message to that audience.
The Jerusalem Post reported that cyber operations also targeted Iranian government services and military systems in an effort to limit any coordinated response. However, Reuters said it was unable to verify those claims independently.
Experts are now warning that the situation could escalate further in cyberspace. Rafe Pilling, director of threat intelligence at Sophos, said that as Iran considers its next steps, proxy groups and hacktivists may carry out cyberattacks against Israeli and U.S.-linked military, commercial, or civilian targets.
These attacks could include resharing old data breaches and presenting them as new, simple attempts to break into exposed industrial systems, or even more direct offensive cyber operations, he said.
Cynthia Kaiser, a former top FBI cyber official who is now a senior vice president at anti-ransomware company Halcyon, said cyber activity across the Middle East has increased. Her firm has seen online calls to action from known pro-Iranian cyber figures who, in the past, have carried out hack and leak campaigns, ransomware attacks, and distributed denial of service attacks that overwhelm websites and make them inaccessible.
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said the current activity may be an early sign of more aggressive operations ahead. He noted that CrowdStrike is already seeing activity linked to Iranian-aligned threat actors and hacktivist groups, including reconnaissance efforts and DDoS attacks.
Cybersecurity company Anomali also shared an analysis saying that Iranian state-backed hacking groups had launched “wiper” attacks before the strikes, aiming to erase data on Israeli targets.
Although U.S. officials often name Iran alongside Russia and China as a major cyber threat, Iran’s previous digital responses to attacks on its soil have sometimes been limited. In June, after U.S. strikes on Iranian nuclear facilities, there were no major disruptive cyberattacks reported, apart from a brief service interruption in Tirana, Albania’s capital, according to media reports.
If this article helped you, please consider supporting our work. Every small contribution keeps Abijita.com independent and running.
With tensions rising once again, experts believe the cyber battlefield could become just as important as military action in the days ahead.
