A wave of cyber operations unfolded early Saturday alongside joint U.S.-Israeli strikes on targets across Iran, according to cybersecurity experts and analysts, reports Reuters.
The activity included the defacement of multiple news websites and the apparent compromise of BadeSaba, a religious calendar app with more than five million downloads. Users reported seeing messages reading, “It’s time for reckoning,” along with calls for members of the armed forces to lay down their weapons and join the public.
Reuters was unable to reach BadeSaba’s chief executive for comment. A spokesperson for United States Cyber Command did not immediately respond to a request for comment.
Internet connectivity across Iran dropped sharply at 0706 GMT and again at 1147 GMT, leaving only minimal service, Doug Madory, director of internet analysis at Kentik, said in a post on X.
Targeting BadeSaba may have been a calculated move, said Hamid Kashfi, founder of cybersecurity firm DarkCell, noting the app is widely used by religious and pro-government supporters.
The Jerusalem Post reported that cyber operations also struck various Iranian government services and military-linked targets in an effort to hinder a coordinated response. Reuters could not independently verify the claims.
“As Iran considers its options, the likelihood increases that proxy groups and hacktivists may take action, including cyberattacks, against Israeli- and U.S.-affiliated military, commercial or civilian targets,” said Rafe Pilling, director of threat intelligence at Sophos.
Such activity could include resurfacing old data breaches presented as new, relatively unsophisticated attempts to compromise internet-facing industrial systems, and potentially more direct offensive cyber operations, he said.
Cynthia Kaiser, a former senior FBI cyber official and now senior vice president at anti-ransomware firm Halcyon, said regional cyber activity has intensified. She added that her firm has observed calls to action from known pro-Iranian cyber personas previously linked to hack-and-leak campaigns, ransomware incidents and distributed denial-of-service (DDoS) attacks.
The current wave may precede more aggressive operations, said Adam Meyers, senior vice president of counter adversary operations at CrowdStrike.
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks,” he said.
Cybersecurity firm Anomali said in an analysis shared with Reuters that Iranian state-backed hacking groups had carried out “wiper” attacks — which erase data — against Israeli targets ahead of the strikes.
Although Iran is often cited by U.S. officials alongside Russia and China as a significant cyber threat, its digital responses to previous attacks on its territory have tended to be restrained.
In June, after U.S. strikes on Iranian nuclear facilities, there were few signs of the sweeping disruptive cyberattacks often invoked in assessments of Tehran’s capabilities, aside from a brief service interruption in Tirana, Albania’s capital, according to media reports.
Bd-pratidin English/ Jisan
