A series of cyber-enabled operations unfolded early Saturday in parallel with joint U.S.-Israeli military strikes on targets across Iran, according to cybersecurity analysts and regional observers. The digital disruptions targeted news platforms, mobile applications, and government-linked services, adding a cyber dimension to the unfolding geopolitical crisis.
Among the affected platforms were several Iranian news websites, which were defaced to display unauthorized messages. BadeSaba, a widely used religious calendar application with more than 5 million downloads, was also compromised. Users of the app reportedly saw messages stating, “It’s time for reckoning,” alongside calls urging armed forces to surrender their weapons and side with the public. Reuters was unable to reach BadeSaba’s chief executive for comment.
A spokesperson for U.S. Cyber Command did not immediately respond to inquiries regarding the incidents.
At the same time, internet connectivity across Iran experienced significant disruptions. According to Doug Madory, director of internet analysis at Kentik, connectivity levels dropped sharply at 0706 GMT and again at 1147 GMT, leaving only limited network access across parts of the country. Madory shared his observations in a post on X.
Security researcher Hamid Kashfi, founder of cybersecurity firm DarkCell, described the targeting of BadeSaba as strategically significant. He noted that the app’s user base includes many government supporters and religious individuals, making it a symbolic and potentially influential channel for messaging during periods of unrest.
Reports from the Jerusalem Post indicated that cyber operations may also have targeted Iranian government services and military systems in an effort to limit the country’s ability to mount a coordinated response. Reuters has not independently verified these claims.
Cybersecurity experts caution that the digital conflict could escalate further. Rafe Pilling, director of threat intelligence at Sophos, said that as Iran evaluates its response options, the likelihood grows that proxy groups or hacktivists aligned with Tehran could launch retaliatory cyber operations against Israeli or U.S.-affiliated military, commercial, or civilian entities.
Pilling warned that such activity could include resurfacing previously leaked data and presenting it as newly compromised information, rudimentary attempts to breach internet-facing industrial systems, or more direct offensive cyberattacks.
Cynthia Kaiser, a former senior FBI cyber official and current senior vice president at anti-ransomware firm Halcyon, noted an uptick in cyber activity across the Middle East. Kaiser said Halcyon has observed calls to action from pro-Iranian cyber personas known for past hack-and-leak campaigns, ransomware incidents, and distributed denial-of-service (DDoS) attacks designed to overwhelm and disrupt online services.
Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, said the firm is already detecting activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks. He suggested that the current activity could serve as a precursor to more aggressive cyber campaigns.
Separately, cybersecurity firm Anomali reported that Iranian state-backed hacking groups had conducted “wiper” attacks prior to the strikes, aimed at erasing data on Israeli targets. The analysis, shared with Reuters, indicated that these operations may have been intended to disrupt systems or cause reputational damage.
Iran has long been cited by U.S. cyber officials alongside Russia and China as a significant cyber threat actor. However, previous responses by Tehran to military actions on its soil have been relatively restrained in the digital domain. In June, after U.S. strikes on Iranian nuclear facilities, there was limited evidence of large-scale retaliatory cyberattacks, aside from a brief disruption of services in Tirana, Albania’s capital, according to media reports.
The latest developments underscore how modern military confrontations increasingly unfold across both physical and digital battlefields. As tensions remain high, cybersecurity experts warn that the coming days could see heightened activity from state-linked actors and affiliated groups seeking to shape narratives, disrupt infrastructure, or retaliate through cyberspace.
