A coordinated wave of cyberattacks coincided with joint U.S.-Israeli strikes on Iran, raising fears of escalation across digital and military fronts.
Experts warn that the cyber operations accompanying U.S.-Israeli strikes on Iran may mark the start of a broader digital confrontation involving state-backed hackers and proxy groups. Image: CH
TEHRAN, Iran — March 2, 2026:
A wave of cyber operations swept across Iran early Saturday, unfolding alongside reported joint U.S.-Israeli strikes and signaling that the confrontation may be expanding into a parallel digital battlefield.
Cybersecurity analysts described a coordinated series of incidents that included website defacements, the apparent compromise of a widely used religious application, and sharp drops in national internet connectivity. The activity suggests a deliberate attempt not only to disrupt systems, but also to shape public perception at a moment of acute geopolitical tension.
One of the most striking developments was the reported breach of BadeSaba, a religious calendar app with more than five million downloads. Users said the platform displayed messages reading, “It’s time for reckoning,” alongside calls for members of the armed forces to lay down their weapons and join the public. Reuters said it was unable to reach the app’s chief executive for comment.
Hamid Kashfi, founder of cybersecurity firm DarkCell, characterized the targeting of BadeSaba as potentially strategic. The app is widely used by religious and pro-government supporters, making it a powerful channel for psychological messaging. By infiltrating a trusted digital space, attackers could undermine confidence within core constituencies aligned with the state.
Internet monitoring data added to the sense of disruption. Doug Madory, director of internet analysis at Kentik, reported significant connectivity drops across Iran at 0706 GMT and again at 1147 GMT, leaving only minimal service. The cause remains unclear. Such outages can result from external cyber interference, internal defensive shutdowns by authorities, or attempts to control information flows during crises.
The Jerusalem Post reported that cyber operations also targeted Iranian government services and military-linked infrastructure, apparently aimed at hindering a coordinated response. Those claims could not be independently verified. A spokesperson for United States Cyber Command did not immediately respond to requests for comment.
Security firms say the activity may only represent the initial phase of a broader escalation. Rafe Pilling, director of threat intelligence at Sophos, warned that Iranian proxy groups and hacktivists could retaliate against Israeli and U.S.-affiliated military, commercial or civilian targets. Such actions might include resurfacing previously leaked data, launching distributed denial-of-service (DDoS) campaigns, or attempting to breach internet-facing industrial systems.
Cynthia Kaiser, a former senior FBI cyber official now serving as a senior vice president at Halcyon, said her firm has observed renewed calls to action from pro-Iranian cyber personas previously linked to hack-and-leak campaigns and ransomware attacks. That mobilization, she noted, points to a rising risk of decentralized but ideologically aligned cyber activity.
Adam Meyers of CrowdStrike said his company is already tracking reconnaissance efforts and DDoS activity consistent with Iranian-aligned threat actors. Meanwhile, Anomali reported that Iranian state-backed groups conducted “wiper” attacks against Israeli targets prior to the strikes, indicating that digital hostilities may have preceded the kinetic phase.
Although U.S. officials frequently cite Iran alongside Russia and China as a significant cyber threat, its previous digital responses to direct attacks have often been more restrained than anticipated. Following U.S. strikes on Iranian nuclear facilities in June, there were limited signs of sweeping retaliatory cyber disruption, apart from a brief service interruption reported in Tirana, Albania.
The latest developments highlight how modern conflicts increasingly unfold across both physical and virtual domains. Cyber operations can serve as force multipliers — disrupting communications, eroding public trust, and probing defenses — while providing plausible deniability.
Whether this current wave remains largely symbolic or escalates into sustained attacks on critical infrastructure in Israel, the United States or beyond may depend on Tehran’s broader strategic calculations — and on how aggressively aligned hacktivist and proxy networks choose to act in the days ahead.
