A wave of cyber-enabled operations unfolded early on Saturday alongside a joint U.S.-Israeli attack on targets across Iran, cybersecurity experts and observers said.
Disruptions Accompany Military Strikes
The operations targeted multiple news websites, which hackers altered to display a range of messages. In addition, attackers breached BadeSaba, a religious calendar application with more than five million downloads. The app showed messages telling users, “It’s time for reckoning,” and urged armed forces to lay down their weapons and join the people.
Reuters could not reach BadeSaba’s chief executive for comment, and a spokesperson for U.S. Cyber Command did not immediately respond to a request for comment.
Internet connectivity across Iran dropped sharply at 0706 GMT and again at 1147 GMT, leaving only minimal connectivity, according to Doug Madory, director of internet analysis at Kentik, who posted the details on X.
Strategic Targeting and Digital Messaging
According to Hamid Kashfi, a security researcher and founder of cybersecurity firm DarkCell, the attack on BadeSaba appeared calculated. He said government supporters widely use the app and many of them hold strong religious views. Therefore, the breach may have aimed to influence a core support base.
In addition, cyber operations struck several Iranian government services and military targets to limit any coordinated Iranian response, the Jerusalem Post reported. However, Reuters has not independently verified those claims.
As Iran weighs its options, the risk of further cyber activity continues to grow. Rafe Pilling, director of threat intelligence at Sophos, warned that proxy groups and hacktivists may launch attacks against Israeli and U.S.-affiliated military, commercial, or civilian targets.
Moreover, Pilling said attackers could amplify old data breaches and present them as new incidents. They may also attempt unsophisticated compromises of internet-exposed industrial systems or even carry out direct offensive cyber operations.
Rising Regional Cyber Activity
Activity in the Middle East has increased, said Cynthia Kaiser, a former senior FBI cyber official and now a senior vice president at Halcyon. She noted that her firm has observed calls to action from known pro-Iranian cyber personas. In the past, these groups conducted hack-and-leak campaigns, ransomware attacks, and distributed denial-of-service attacks that overwhelm online services.
Similarly, Adam Meyers of CrowdStrike said his firm has already detected activity consistent with Iranian-aligned actors conducting reconnaissance and initiating denial-of-service attacks.
Earlier on Saturday, cybersecurity firm Anomali shared analysis stating that state-backed Iranian groups had launched wiper attacks against Israeli targets ahead of the strikes.
Although U.S. officials often cite Iran alongside Russia and China as a cyber threat, Tehran has previously responded in a restrained manner. In June, after U.S. strikes on Iranian nuclear targets, media reports noted only a brief service interruption in Tirana, Albania’s capital.
With inputs from Reuters

