A wave of cyber-enabled operations took place early Saturday morning, along with the joint US-Israeli attack on targets across Iran, according to cybersecurity experts and observers.
The operations included hacking multiple news websites to display various messages and hacking BadeSaba, a religious calendar app with more than 5 million downloads, which displayed messages telling users "It's time for accountability" and calling on the armed forces to lay down their arms and join the people.
Internet connectivity in Iran dropped sharply at 07:06 and then again at 11:47, with only a minimal connection remaining, Doug Madory, director of internet analysis at Kentik, said in a post on X, reports the Telegraph.
The cyberattack on BadeSaba was a smart move because government supporters use it and they tend to be more religious, said Hamid Kashfi, a security researcher and founder of cybersecurity firm DarkCell.
The cyber operations also hit a number of Iranian government services and military targets to limit a coordinated Iranian response, the Jerusalem Post reported on Saturday.
"As Iran considers its options, the likelihood increases that proxy groups and hackers will take action, including cyberattacks, against Israeli and US-linked military, commercial or civilian targets," said Rafe Pilling, director of threat intelligence at cybersecurity firm Sophos.
Attacks could include amplification of old data breaches presented as new, unsophisticated attempts to compromise internet-exposed industrial systems and potentially direct offensive cyber operations, Pilling said.
Activity in the Middle East has increased, said Cynthia Kaiser, a former senior FBI cyber official and current senior vice president at anti-ransomware firm Halcyon.
Kaiser said the firm has also seen calls for action from known pro-Iranian cyber actors who in the past have carried out hack-and-leak operations, ransomware attacks and distributed denial-of-service (DDoS) attacks, which flood internet services, making them inaccessible.
Current cyber activity could precede more aggressive operations, said Adam Meyers, senior vice president of counter-adversarial operations at CrowdStrike.
"CrowdStrike is already seeing activity consistent with Iran-linked threat actors and hacker groups conducting reconnaissance and launching DDoS attacks," he added.
Cybersecurity firm Anomali said in an analysis shared with Reuters on Saturday that Iranian state-backed groups were already carrying out "wipe-out" attacks that delete data on Israeli targets ahead of attacks.
Although Iran is frequently cited by US cyber officials along with Russia and China as a threat to US networks, Tehran's previous responses to attacks on its soil have been muted. /Telegraph
In June, after the US struck Iranian nuclear targets, there were few signs of destructive cyberattacks, opening a new tab that is often invoked during discussions of Iran's digital capabilities beyond a short-term disruption of services in Tirana, the capital of Albania, according to media reports.
