US-Israel Launch Cyberattacks on Iran Amid Strikes, Sparking Retaliation Fears
Hackers, likely pro-Israel, hit Iranian prayer app with anti-regime messages and disrupted websites during joint US-Israeli airstrikes. Iran responds with wipers on Israel; experts warn of rising DDoS, hacktivist threats to US infrastructure. Internet blackout persists.
What Happened
- US-Israel joint airstrikes launched on Iranian military/nuclear targets, including Tehran, coinciding with cyberattacks.
- Israeli hackers compromised BadeSaba prayer app (5M+ users), broadcasting anti-regime messages urging military to defect/surrender.
- Iranian news websites hacked to display provocative messages like "time for reckoning."
- Iranian internet blackout imposed for 2+ days, with repeated connectivity drops amid strikes.
- Iran retaliates with wiper malware on Israeli targets, DDoS, and reconnaissance by state-backed groups.
- US Cyber Command disrupted Iranian comms/sensors to enable strikes.
- Iranian crypto outflows surged 700% from exchanges like Nobitex post-strikes, signaling capital flight.
- Global alerts issued for Iranian hacktivist retaliation (DDoS, phishing) targeting US/ally infrastructure, banks, hospitals.
Timeline
- Feb 28, 2026: Iran shuts off internet access as US-Israel airstrikes begin (Story 43).
- Early Mar 1, 2026 (Sat morning): US-Israel launch joint airstrikes on Iran; simultaneous cyberattacks hack BadeSaba prayer app (5M+ users) with anti-regime messages, Iranian news sites, apps/websites; Israel causes blackouts; US Cyber Command disrupts Iranian comms/sensors (Stories 2,3,5,6,7,11,13,17,32).
- Mar 1: Iranian "wiper" attacks on Israeli targets precede strikes; crypto outflows from Iran surge 700% post-strikes (Stories 13,20,22,25).
- Mar 1-2: Internet connectivity drops repeatedly in Iran; cyber ops hit govt/military services (Stories 13,18,21).
- Mar 2, 2026: Reports of mutual cyberattacks emerge (Dawn pub., Story 13).
- Mar 5, 2026: Iranian hacker networks outage coincides with Israeli strike on Tehran compound (Stories 44,45).
Key Quotes
“It’s time for reckoning”
— Messages displayed on hacked BadeSaba prayer app (5M+ users), urging armed forces to "give up weapons and join the people" (Reuters)
“The cyberattack on BadeSaba was a smart move because government supporters use it and they tend to be more religious”
— Hamid Kashfi, security researcher and founder of DarkCell
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivists conducting reconnaissance and initiating DDoS attacks”
— Adam Meyers, SVP at CrowdStrike
“It's in the hands of a 19-year-old hacker in a Telegram room”
— Ex-NSA operative (Fortune)
Opposing Views
US-Israel Perspective
- Cyberattacks (e.g., hacking prayer app BadeSaba to urge defections, disrupting Iranian networks) seen as precise, effective psychological warfare supporting military strikes.
- "Smart move" targeting regime supporters (Hamid Kashfi); US Cyber Command aided by disrupting comms (top general).
- Highlights digital evolution in conflicts, with pro-West hacks causing targeted disruption.
Iran/Pro-Iran Perspective & Warnings
- Retaliation via "wiper" attacks on Israeli data, DDoS, reconnaissance by state-backed groups/hacktivists (Anomali, CrowdStrike).
- Escalating threats to US/ally infrastructure (banks, hospitals, airports); warnings of low-level attacks from loosely aligned hackers (FS-ISAC, ex-NSA).
- Iran preps AI-powered ops; prior muted responses may shift to aggressive proxy actions (Sophos, Unit 42).
Neutral Expert Views
- Bidirectional cyber trades signal rising mutual risks; orgs urged to prepare (Palo Alto, Halcyon).
- Crypto outflows (700% surge) indicate capital flight amid chaos.
Historical Background
Israel-Iran Cyber Conflict Roots
Israel-Iran tensions trace to 1979 Iranian Revolution, when Tehran branded Israel the "Little Satan," fueling proxy wars via Hezbollah and Hamas. Cyber domain escalated with Stuxnet (2010): US-Israel worm sabotaged Iran's Natanz nuclear centrifuges, delaying its program by years—first known cyber-physical attack.
Reciprocation followed: Iran's APT groups (e.g., IRGC-linked) hit Saudi Aramco (2012 Shamoon wiper) and US banks (2012-13 DDoS). Shadow War intensified post-2018 US JCPOA exit, Soleimani killing (2020), and Iran's uranium enrichment to 90% (2023).
Recent triggers: Hamas Oct 7 attack (Iran-backed), Israeli Gaza ops, Hezbollah clashes, direct Iran-Israel missile exchanges (Apr 2024). Assassination of Supreme Leader Khamenei (late Feb 2026) sparked US-Israel Operation Lion’s Roar airstrikes on Iranian nuclear/military sites, enabling these cyber ops (e.g., BadeSaba hack) to disrupt response and incite dissent.
This blends kinetic strikes with digital psyops, evolving shadow war into open hybrid conflict.
Technical Details
Key Technical Details
BadeSaba App Compromise
Religious calendar/prayer app with >5 million downloads hacked to send push notifications displaying anti-regime messages (e.g., "It’s time for reckoning," urging military to disarm/surrender). Targets pro-government religious users; executed via app server breach before internet blackout, enabling psychological ops through trusted mobile platform.
Iranian Retaliation Tactics
State-backed "wiper" malware erases data on Israeli targets. DDoS attacks flood servers to deny service. Reconnaissance by Iranian-aligned hacktivists observed by CrowdStrike.
Network Disruptions
Iran internet connectivity dropped repeatedly, leading to >48-hour nationwide blackout affecting 90+ million users. Likely regime-imposed but coincided with cyberattacks on govt/military services and comms/sensors (U.S. Cyber Command).
Crypto Outflows
700% surge in outflows from Nobitex exchange (11M users, $7.2B 2025 volume) post-strikes, indicating blockchain-based capital flight.
Other
Targeting of IP cameras/surveillance flaws; Iranian APTs in U.S. airport/bank networks.
Economic Impact
Affected Sectors: Cybersecurity, Financial Services, Crypto, Energy, Healthcare, Critical Infrastructure
Short-term Impacts:
- Cybersecurity: Surge in demand for defenses; stocks (e.g., CrowdStrike, Palo Alto) rise 5-10% on heightened threats. Iranian retaliation warnings boost spending.
- Crypto: 700% outflow spike from Iranian exchanges signals capital flight, pressuring local platforms like Nobitex; global BTC volatility up.
- Financials/Banks: US banks alert for DDoS; minor disruptions possible, increasing compliance costs.
- Iran Economy: Internet blackout hampers trade, e-commerce; GDP hit from outages.
Long-term Impacts:
- Global Cyber Market: $200B+ sector growth accelerates as firms invest in AI defenses against state actors.
- Energy/Tech Infra: Risk to data centers, oil (if escalated); higher insurance premiums.
- Broader Economy: Geopolitical risk premium lifts oil prices 10-20%, inflating costs; supply chain cyber fears slow Mideast FDI.
Nostr Discussion Summary
Summary of Nostr Discussion on Israel-Iran Cyber Conflict
Nostr posts primarily share news links on Israel's alleged "largest cyberattack" on Iran, U.S.-Israel strikes causing internet blackouts, hacked prayer apps sending "surrender" messages, and Iranian crypto disruptions. Iranian retaliation highlighted: Handala hackers using Starlink, threats to Canadian infrastructure, and alliances with pro-Russia actors targeting U.S./Middle East infra.
Main Themes & Perspectives:
- Escalation & Impacts: Widespread outages in Iran (banking, apps, crypto); global ripple effects (U.S. firms, Canada).
- Skepticism: Vague reports questioned; one user claims no real Iranian cyber activity seen—infra "in ruins," with vendors fabricating threats.
- Recurring Viewpoints: Pro-Israel framing (e.g., Operation names); fears of hacktivist retaliation.
Notable Voices: Insider (ex-NSA via Fortune); cybersecurity reports (Palo Alto, CCCS); skeptical netflow monitor doubting Iranian ops.
Debates/Insights: Minimal original debate—mostly aggregation. Unique: Iran cyber silence post-war; Starlink enabling attacks amid blackouts.
Bluesky Discussion Summary
Main Themes
- Israeli psyop via prayer app hack: Widespread sharing of BadeSaba app hijack (37M installs) sending defection messages ("help has arrived") synced with US-Israeli strikes. Framed as sophisticated PSYOP targeting regime fractures.
- Broader cyber escalations: Reports of website hacks (IRNA), bank disruptions, Iranian hackers using Starlink, DDoS by Anonymous (#OpIsrael), and IRGC-linked intrusions in US networks.
Sentiments & Reactions
- Admiration for ingenuity: @Lukasz Olejnik's thread (most detailed) calls it "PSYOP 2026," comparing to hijacking BBC Weather; positive/neutral tone on effectiveness.
- Skepticism: @socialdistantcat dismisses as "delusional," doubting IRGC defection.
- Neutral/news-sharing: Majority reposts Reuters/WSJ; excitement ("WOW" @DLG) or stock hype (@DJ "Jo" NoneYa).
- Minimal debate; low engagement beyond awareness.
Notable Accounts
- @Lukasz Olejnik: In-depth analysis.
- @Ankit Panda: Quotes WSJ on prayer app.
- @YourAnonRiots: Hacktivist ops.
Common opinion: Impressive cyber tactic amid conflict; some counter-hacks noted.
Full story
In a dramatic escalation of the U.S.-Israeli conflict with Iran, joint military airstrikes on Iranian targets were accompanied by sophisticated cyberattacks that plunged parts of the country into digital darkness and hijacked a popular prayer app to broadcast anti-regime messages. Cybersecurity experts confirmed hackers compromised BadeSaba Calendar, a religious app with over 5 million downloads, displaying alerts like "It’s time for reckoning" and urging armed forces to "give up weapons and join the people." The operations, which coincided with strikes on Tehran and other sites, triggered a near-total internet blackout lasting over 48 hours, affecting more than 90 million Iranians.
The backdrop to these events traces to long-simmering tensions, intensified by the reported assassination of Iranian Supreme Leader Ali Khamenei in a U.S.-Israeli airstrike last weekend, sparking open conflict dubbed Operation Lion’s Roar. Israel has a history of cyber operations against Iran, including past attacks on nuclear facilities, while U.S. Cyber Command has disrupted Iranian communications in prior incidents. Reports from Homeland Security Today described Israel's strikes as "historic cyberattacks" that plunged Iran into darkness, targeting government services, military sensors, and apps to limit coordinated responses. Iranian state-sponsored groups, meanwhile, have escalated threats, with firms like Anomali noting preemptive "wiper" attacks erasing Israeli data ahead of the strikes.
The cyber front ignited early Saturday, March 1, 2026, as U.S.-Israeli airstrikes hit Iranian military and nuclear installations. Simultaneously, pro-Western hackers defaced news websites and infiltrated BadeSaba, sending push notifications to millions, including "Help has arrived" and calls for security forces to defect, per Reuters and Wired Middle East. Internet connectivity plummeted, with Kentik's Doug Madory reporting repeated drops to minimal levels on X.
By Sunday, Iran's internet shutdown extended over two days, a regime "go-to tactic" amid the chaos. Iranian hackers retaliated with wiper malware, DDoS floods, and reconnaissance on Israeli and U.S. targets, according to CrowdStrike's Adam Meyers. Blockchain firm Elliptic tracked a 700% surge in crypto outflows from Iran's largest exchange, Nobitex—handling $7.2 billion in 2025 volume—with millions fleeing offshore minutes after strikes. U.S. Cyber Command later confirmed it disrupted Iranian comms and sensors to pave the way for bombings, as stated by a top general.
Israeli officials have not confirmed involvement, but security researcher Hamid Kashfi of DarkCell called the BadeSaba hack "a smart move" targeting religious government supporters. A U.S. Cyber Command spokesperson did not respond to comment requests. Iranian authorities blamed foreign aggression but offered no specifics, while BadeSaba's CEO could not be reached.
Cybersecurity leaders sounded alarms: Sophos' Rafe Pilling warned of proxy hacktivists amplifying old breaches or hitting industrial systems; Halcyon's Cynthia Kaiser noted pro-Iranian calls for hack-and-leak ops, ransomware, and DDoS; CrowdStrike's Meyers observed Iranian-aligned groups initiating attacks. An ex-NSA operative told Fortune retaliation could come from "a 19-year-old hacker in a Telegram room." U.S. industry groups like SIFMA's Todd Klessman emphasized vigilance, with banks and hospitals on high alert.
The cyber exchanges signal a digital evolution in modern warfare, blending psychological ops with infrastructure disruption and exposing global vulnerabilities. Iran's muted past responses belie growing capabilities, including AI-enhanced attacks on critical infrastructure and IP camera exploits echoing Hamas-Israel tactics, per Unit 42 and Palo Alto Networks. U.S. sectors—finance, healthcare, airports, data centers—are bracing for DDoS, phishing, and APT intrusions, with Iranian hackers already in some networks, SecurityWeek reported.
Crypto flight underscores economic fallout, potentially destabilizing Iran's regime amid unrest. Experts predict intensified tit-for-tat over 30 days, testing U.S. defenses; Health-ISAC's Errol Weiss urged healthcare prep for hacktivist spillover. Broader implications include heightened risks for allies like Canada and NYPD-monitored targets, with Morningstar DBRS warning of cyber shocks alongside oil spikes. As conflict rages, digital battlegrounds may outpace physical ones, demanding resilient networks worldwide.