
Cyber War: Iranian apps and websites are hacked following joint U.S.-Israel offensive

  • Writer: Security Team
  • 23 hours ago


Amid the ongoing military developments in the Middle East, ICS Labs' CTI has identified a wave of cyber operations that hit Iran in the early hours of Saturday (1st), in parallel with the military attacks carried out by the United States and Israel against targets on Iranian territory. Experts warn that the episode may mark the beginning of a digital escalation, with possible retaliation against American and Israeli interests.

Among the main reported incidents is the breach of the religious application BadeSaba, an Islamic calendar with more than 5 million downloads. Users reported that the platform began displaying messages such as “It’s time for reckoning” and calls for members of the armed forces to lay down their weapons and join the civilian population.

In addition to the application, several Iranian news websites were compromised to display political messages. Reuters reported that it was unable to reach the CEO of BadeSaba for clarification, and the U.S. Cyber Command has not officially commented on the case so far.


Connectivity drop and possible internal containment

Data from Doug Madory, Director of Internet Analysis at Kentik, indicates that connectivity in Iran experienced abrupt drops at 07:06 GMT and again at 11:47 GMT, leaving only minimal connectivity at certain moments. The drops may indicate internal attempts to contain or mitigate cyber impacts.

According to Hamid Kashfi, security researcher and founder of DarkCell, the choice of BadeSaba as a target was strategic, considering that the application is widely used by government supporters and religious audiences.


Risk of retaliation and digital escalation

Experts suggest that groups aligned with Iran and hacktivists may launch retaliatory attacks against military, commercial, and civilian targets linked to the U.S. and Israel. Rafe Pilling, Director of Threat Intelligence at Sophos, highlighted that potential actions include simple attempts against industrial systems exposed to the internet, DDoS (distributed denial-of-service) attacks to take online services offline, and direct offensive operations.

Security company CrowdStrike stated that it is already observing activity consistent with Iran‑aligned groups conducting target reconnaissance and initiating DDoS attacks.

Meanwhile, Anomali reported signs of “wiper” attacks, which are designed to permanently erase data, targeting Israeli entities even before the military offensive.


History of moderate cyber responses

Although Iran is frequently cited by U.S. authorities alongside Russia and China as a significant threat in cyberspace, previous responses from Tehran to direct attacks on its territory have been considered limited. After a U.S. attack on Iranian nuclear facilities in June, for example, there were no records of major digital offensives, only a temporary service disruption in Tirana, the capital of Albania.


Recommendations for security teams

Given this scenario, organizations should strengthen monitoring of anomalous traffic and DDoS attempts, especially in environments dependent on major Western virtualization and cloud providers. Additionally, it is essential to update and validate incident response plans involving destructive attacks and other techniques commonly used by malicious actors with ideological or geopolitical motivations.

 


CONTACT

ICS Labs

Your best defense strategy

© 2026 ICS - Inorpel CyberSecurity
