US-Israel Cyberattacks on Iran Trigger Surge in Iranian Hacker Activity

RksNews

A wave of coordinated cyber operations struck Iran early Saturday morning, coinciding with a joint US-Israel strike on Iranian targets, according to cybersecurity experts and observers.

The attacks included interference with news websites and the hacking of BadeSaba, a religious calendar app with over 5 million downloads, which displayed messages telling users “It is time for accountability” and encouraging the armed forces to disarm and join the populace.

Iran’s internet connectivity was severely disrupted at 07:06 and again at 11:47, leaving only minimal service active, according to Doug Madory, director of internet analysis at Kentik.

Experts described the BadeSaba hack as a strategically savvy move, targeting a platform widely used by government supporters, who tend to be more religious, according to Hamid Kashfi, cybersecurity researcher and founder of DarkCell.

In addition to apps and public platforms, the cyber operations targeted Iranian government services and military sites, limiting the regime’s ability to mount a coordinated response, reports the Jerusalem Post.

Rafe Pilling, director of threat intelligence at Sophos, warned that as Iran evaluates its options, state-backed groups and hackers could launch retaliatory cyberattacks against Israeli or US-linked military, commercial, or civilian targets. These attacks might include the exploitation of old data breaches, sophisticated attempts to compromise exposed industrial systems, and potentially direct offensive cyber operations.

Cynthia Kaiser, former senior FBI cybersecurity official and current VP at anti-ransomware firm Halcyon, said activity in the Middle East has intensified, noting calls for action from pro-Iranian hackers who have historically conducted hack-and-leak operations, ransomware attacks, and distributed denial-of-service (DDoS) campaigns.

Adam Meyers, senior VP of counter-adversary operations at CrowdStrike, added that the firm is observing activity consistent with Iranian threat actors, including reconnaissance and DDoS attacks.

Similarly, the cybersecurity firm Anomali reported that state-supported Iranian groups are carrying out “wiper” attacks, erasing data from Israeli targets in preparation for potential strikes.

Although Iran is frequently cited alongside Russia and China as a threat to US networks, Tehran’s previous cyber responses to attacks on its own territory have been largely muted. Following US strikes on Iranian nuclear facilities in June, there were few signs of destructive cyber retaliation, leaving analysts to continue assessing Iran’s digital capabilities beyond short-term service disruptions.