Digital warfare accompanied the recent joint United States-Israeli military operations against Iran, with cybersecurity specialists documenting widespread online attacks that occurred early Saturday morning.
The cyber offensive compromised several Iranian news platforms and infiltrated BadeSaba, a widely-used religious calendar application downloaded by more than 5 million people. The compromised app displayed threatening messages stating “It’s time for reckoning” while encouraging military personnel to abandon their weapons and side with civilians.
Attempts to reach BadeSaba’s top executive were unsuccessful, and US Cyber Command representatives have not yet provided comment on the situation.
Iran’s internet infrastructure suffered major disruptions, with connectivity plummeting dramatically at 7:06 AM GMT and again at 11:47 AM GMT, leaving only limited online access available, according to Doug Madory, who serves as director of internet analysis at Kentik and shared the information on X.
Security researcher and DarkCell cybersecurity firm founder Hamid Kashfi explained that targeting BadeSaba was strategically effective since government loyalists frequently use the application and typically hold stronger religious beliefs.
The Jerusalem Post reported Saturday that the digital operations also targeted various Iranian governmental services and military infrastructure to prevent a unified Iranian counterattack, though Reuters has been unable to independently confirm these reports.
“As Iran considers its options, the likelihood increases that proxy groups and hacktivists may take action, including cyberattacks, against Israeli and U.S.-affiliated military, commercial, or civilian targets,” warned Rafe Pilling, who directs threat intelligence at cybersecurity company Sophos.
Pilling noted that potential retaliation might involve republishing old data breaches as new incidents, basic attempts to infiltrate internet-connected industrial systems, and possibly direct offensive cyber operations.
Cynthia Kaiser, a former senior FBI cyber official now serving as senior vice president at anti-ransomware company Halcyon, reported increased Middle Eastern activity and observed calls to action from recognized pro-Iranian cyber operatives known for conducting hack-and-leak campaigns, ransomware deployments, and distributed denial-of-service attacks that overwhelm internet services.
CrowdStrike senior vice president of counter adversary operations Adam Meyers suggested the current digital activity might signal more aggressive future operations.
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks,” Meyers stated.
Cybersecurity company Anomali reported in Saturday analysis shared with Reuters that Iranian state-sponsored hacking organizations had already begun executing “wiper” attacks designed to destroy data on Israeli targets before the military strikes occurred.
Despite US cyber officials frequently citing Iran alongside Russia and China as major threats to American digital infrastructure, Tehran’s past responses to attacks within its borders have been relatively restrained.
Following US strikes on Iranian nuclear facilities in June, there was minimal evidence of the disruptive cyber retaliation often associated with Iran’s digital warfare capabilities, except for brief service interruptions in Albania’s capital city of Tirana, according to media coverage.
