TORONTO: Cyber operations intensified early Saturday, unfolding alongside the joint US-Israeli strikes on targets inside Iran, according to cybersecurity analysts and observers.
Several Iranian news websites were reportedly breached and altered to display political messages. One notable incident involved BadeSaba, a religious calendar application with over five million downloads, which was hacked to show messages declaring “Its time for reckoning” and calling on members of the armed forces to lay down their weapons and side with the public.
Reuters was unable to reach BadeSaba’s chief executive for comment, while a spokesperson for US Cyber Command did not immediately respond to inquiries.
At the same time, cybersecurity company Anomali reported that Iranian state-linked hacking groups had already launched “wiper” attacks targeting Israeli entities, designed to permanently erase data ahead of the military strikes.
Internet access across Iran experienced repeated disruptions, leaving only limited connectivity, according to Doug Madory, director of internet analysis at Kentik, who shared the assessment on X.
Security researcher Hamid Kashfi, founder of cybersecurity firm DarkCell, described the attack on the BadeSaba application as strategic, noting that it is widely used by religious government supporters.
Additional cyber operations reportedly targeted Iranian government services and military infrastructure to hinder any coordinated response, according to a report by the Jerusalem Post, though Reuters could not independently confirm these claims.
Experts warn that Iran’s potential retaliation could increasingly involve proxy actors and hacktivist groups. Rafe Pilling, director of threat intelligence at Sophos, said such actors may launch cyberattacks against Israeli and US-linked military, commercial, or civilian networks.
These actions could include recycling older data breaches to appear new, basic attempts to infiltrate exposed industrial systems, and possibly direct offensive cyber campaigns, Pilling added.
Cynthia Kaiser, a former senior FBI cyber official and now an executive at anti-ransomware firm Halcyon, noted a rise in regional cyber activity. She said the company has observed renewed calls to action from pro-Iranian cyber personas previously involved in hack-and-leak operations, ransomware incidents, and distributed denial-of-service attacks (DDoS), which overwhelm online services and make them inaccessible.
Adam Meyers, senior vice president at CrowdStrike, warned that current developments may signal more serious cyber operations ahead.
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks,” he said.
Although US cyber officials frequently rank Iran alongside Russia and China as a significant cyber threat, Tehran’s past responses to attacks on its territory have generally remained restrained.
