In the early hours of Saturday, a significant wave of cyberattacks unfolded in tandem with a coordinated military strike by the United States and Israel targeting multiple locations across Iran. Cybersecurity analysts and observers noted that these digital operations were carefully timed to coincide with the physical assaults, amplifying the overall impact on Iranian infrastructure. Among the affected targets were several news websites that were hacked to display provocative messages, signaling a broader psychological and informational campaign alongside kinetic military actions.
One of the most notable cyber intrusions involved the religious calendar application BadeSaba, which boasts over five million downloads and is widely used across Iran. Hackers managed to infiltrate the app, replacing its usual content with urgent messages urging users to reconsider their allegiances. The displayed texts included phrases such as “It’s time for reckoning” and called on members of the armed forces to lay down their weapons and join the civilian population. This move was particularly strategic, as BadeSaba is popular among government supporters who tend to hold strong religious convictions, making the messaging potentially more impactful. Efforts to reach BadeSaba’s chief executive for comment were unsuccessful, and representatives from U.S. Cyber Command did not immediately respond to inquiries about their involvement or stance on the cyber operations.
Meanwhile, internet connectivity across Iran experienced sharp declines at two critical moments during the day—first at 0706 GMT and again at 1147 GMT—leaving only minimal access to online services. Doug Madory, director of internet analysis at Kentik, highlighted these disruptions in a detailed post, suggesting that the outages were likely linked to the ongoing cyber campaign aimed at destabilizing Iran’s digital communications. These connectivity drops further complicated Iran’s ability to coordinate a swift response to the unfolding military and cyber offensives.
Cybersecurity experts emphasized the tactical nature of the attacks, noting that the targeting of BadeSaba was a calculated effort to undermine government morale by reaching a religiously inclined user base. Hamid Kashfi, founder of the cybersecurity firm DarkCell, described the hack as a “smart move” given the app’s demographic. Additionally, reports indicated that Iranian government services and military digital infrastructure were also hit by cyber operations designed to disrupt command and control capabilities, thereby hindering Iran’s ability to mount a coordinated counterattack. While some media outlets have reported on these developments, independent verification of all claims remains limited.
As Iran evaluates its options in the aftermath of these strikes, cybersecurity professionals warn of a heightened risk that Iranian proxy groups and affiliated hacktivists may escalate retaliatory cyberattacks targeting Israeli and U.S. military, commercial, or civilian networks. Rafe Pilling, director of threat intelligence at Sophos, highlighted the possibility of these groups amplifying previously leaked data breaches or attempting less sophisticated intrusions aimed at critical industrial systems exposed to the internet. There is also concern about the potential for more direct and aggressive offensive cyber operations in the near future.
The broader Middle East region has witnessed a noticeable uptick in cyber activity, with former FBI cyber official Cynthia Kaiser pointing out that pro-Iranian cyber actors have issued calls to action. These groups have a history of engaging in hack-and-leak campaigns, ransomware attacks, and distributed denial-of-service (DDoS) operations that overwhelm online services, rendering them inaccessible. Kaiser noted that the current surge in cyber operations could be a precursor to even more forceful digital offensives.
Supporting this assessment, Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, revealed that Iranian-aligned threat actors and hacktivist groups are already conducting reconnaissance missions and initiating DDoS attacks. These activities suggest a coordinated effort to probe vulnerabilities and prepare for sustained cyber conflict. Furthermore, cybersecurity firm Anomali shared an analysis indicating that state-sponsored Iranian hacking groups have been executing “wiper” attacks aimed at erasing data on Israeli targets in the lead-up to the military strikes, underscoring the escalating cyber warfare dimension of the conflict.
Despite Iran’s reputation as a significant cyber threat alongside nations like Russia and China, its previous responses to attacks on its own soil have often been restrained. For instance, following U.S. strikes on Iranian nuclear facilities in June, the anticipated wave of disruptive cyber counterattacks failed to materialize on a large scale, with only a brief interruption of services reported in Tirana, Albania’s capital. This pattern raises questions about Tehran’s strategic calculus and its cyber capabilities in the context of ongoing regional tensions.
