Toronto: A wave of cyber-enabled operations accompanied the joint US-Israeli strikes on Iranian targets early Saturday, cybersecurity experts and analysts said, as digital disruptions were reported alongside the military escalation.
According to researchers, several Iranian news websites were hacked to display political messages, while BadeSaba, a religious calendar application with more than five million downloads, was compromised. Users of the app reported messages urging armed forces to lay down their weapons and “join the people.”
Reuters was unable to immediately contact BadeSaba’s chief executive for comment. A spokesperson for the United States Cyber Command did not respond to a request for comment.
Cybersecurity firm Anomali said in an analysis shared with Reuters that suspected state-backed Iranian hacking groups had launched so-called “wiper” attacks against Israeli targets prior to the strikes. Wiper attacks are designed to erase data and disrupt systems.
Internet connectivity across Iran dropped repeatedly during the period of heightened tensions, according to Doug Madory, director of internet analysis at Kentik, who said only limited connectivity remained at certain points.
Security researcher Hamid Kashfi described the attack on the religious app as strategically significant, noting that it is widely used by religious and pro-government segments of society.
Separately, Israeli media reported that cyber operations targeted Iranian government services and military systems to limit Tehran’s ability to coordinate a response, although these claims could not be independently verified.
Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos, said the risk of retaliatory cyber activity by Iranian-aligned groups, proxies, or hacktivists was increasing. Potential actions could include distributed denial-of-service (DDoS) attacks, the resurfacing of old data breaches presented as new leaks, or attempts to compromise industrial control systems.
Cynthia Kaiser, a former senior FBI cyber official and now an executive at anti-ransomware firm Halcyon, said her firm had observed increased online activity from known pro-Iranian cyber personas, including calls for coordinated digital attacks.
Adam Meyers, senior vice president at CrowdStrike, said activity consistent with Iranian-aligned actors conducting reconnaissance and initiating DDoS attacks had already been detected.
While Iran is frequently cited by US officials alongside Russia and China as a significant cyber threat, analysts noted that Tehran’s previous cyber responses to military actions on its territory have often been measured.
The situation remains fluid as authorities and cybersecurity firms continue to monitor developments amid heightened regional tensions.