A near-total internet blackout, hacked prayer apps, and hijacked state news websites marked the opening hours of Operation Epic Fury, as coordinated US-Israeli military strikes hit targets across Iran on Saturday.

Iran's near blackout Connectivity dropped to around 1% of normal levels in a regime-imposed blackout following the strikes.
Apps and media 'hijacked' The BadeSaba prayer app (5M+ downloads) was hacked to urge military defections. State news sites like IRNA displayed anti-government messages.
Cyber retaliation expected Sophos security researchers warn of likely attacks from Iran-aligned groups using ransomware, wipers, DDoS, and phishing against US/Israeli targets.
UAE criminalizes "unverified" sharing Spreading unverified war-related information carries fines up to $272,000 or imprisonment in the UAE.

Key Takeaways by nexos.ai, reviewed by Cybernews staff.

While the military operations dominated the weekend headlines – including reports that Iran’s Supreme Leader, Ayatollah Ali Khamenei, was killed – a parallel series of cyber events unfolded almost simultaneously, disrupting communications inside Iran and targeting widely used digital platforms.

Internet blackouts in Iran

Within hours of the strikes, internet connectivity across Iran dropped sharply. Data published by internet monitoring organization Netblocks showed national connectivity falling to around 1% of normal levels, indicating a near-total blackout.

Don't miss our latest stories on Google News

NetBlocks attributed the blackout to a “regime-imposed” nationwide internet blackout, though the country’s government has not commented. To date, connectivity levels have remained restricted.

Director of Internet Analysis at Kentik, Doug Madory, reported two significant traffic declines on the day of the strikes – first at 07:06 GMT and again at 11.47 GMT.

Following the second drop, only limited connectivity was observed.

In a post on X, Madory said the small amount of internet activity could be due to the government’s new whitelisting system, which creates exceptions for groups loyal to the government.

Prayer app and news outlets hacked

As connectivity inside the country was curtailed, several Iranian digital platforms were targeted in apparent cyber operations.

According to a report in the Wall Street Journal, the Iranian prayer app BadeSaba Calendar was hacked and used to send push notifications to users.

The app, which provides Islamic prayer times, has been downloaded more than five million times from the Google Play app store alone.

Screenshots shared on social media showed messages in Persian urging members of Iran’s armed forces to defect. The notifications included phrases such as ”help has arrived” and “it’s time for reckoning.”

In addition to app intrusion, multiple Iranian news websites were reportedly compromised, as per a report from Reuters.

Iranian state media said several outlets, including state news agency IRNA, were “hijacked” to display messages referencing the strikes and criticizing the government.

One message displayed on IRNA’s homepage referred to a “terrifying hour” for the regime’s security forces.

Retaliatory cyberattack warnings

As missile exchanges continued in the region over the weekend, cybersecurity firms issued warnings about potential retaliatory cyber activity.

On Sunday, Sophos issued an advisory, warning that proxy groups or ideologically motivated actors aligned with Iran could target Israeli and US-affiliated military, commercial, or civilian organizations.

The firm said possible tactics could include website defacements, distributed denial-of-service attacks, ransomware, destructive “wiper” malware, hack-and-leak operations, and credential-based attacks such as phishing and password spraying.

Has your password leaked?

Enter your password to check if it has leaked. Having a leaked password creates the risk of identity theft, financial damages, and worse!

35,607,543,468

Exposed Passwords

Sophos noted that historic Iran-aligned campaigns have involved credential-based access, lateral movement within networks, destructive payload deployment, and the publication of stolen data.

Threat personas included HomeLandJustice, previously linked to wiper and data-leak operations against Albanian government entities since 2022.

Israel Palestine hackers — Advisory warns of retaliation by pro-Iranian groups such as Handala or HomeLandJustice. Image by Cybernews.

Handala Hack, associated with Iran’s Ministry of Intelligence and Security, has also conducted politically motivated cyber ops in the past. On Saturday, Handala Hack (or Hanzala Hack) claimed attacks in Jordan and threatened other countries in the region.

Retaliatory strikes by Iran on Sunday were targeted at nations perceived to be supportive of the US. These were reported to include the United Arab Emirates (UAE), Saudi Arabia, Qatar, Bahrain, Kuwait, and Jordan.

These ongoing attacks, which reportedly started on Sunday, targeted civilian infrastructure, including airports in Dubai and Kuwait, as well as US military bases.

Following these developments, regional governments issued public warnings related to information sharing during the conflict.

The UAE has warned that circulating “unverified information about wars, security or national safety” could result in criminal penalties under the country’s cybercrime law.

Authorities said spreading “false news, rumours or misleading information or sharing content that causes panic or public confusion is illegal.”

Under the country’s laws, penalties may include detention or imprisonment in more serious cases, as well as fines ranging from $27,000 to $272,000.

Unlock more exclusive Cybernews content on YouTube