Cyber Retaliation Likely as U.S.-Israeli Strikes Trigger Iranian Digital Disruptions On March 1, 2026, a series of cyber operations unfolded alongside joint U.S.-Israeli airstrikes targeting Iran, signaling potential escalation in digital warfare. Cybersecurity experts reported multiple breaches, including the hack of BadeSaba, a widely used Iranian religious app with over 5 million downloads. The app displayed messages urging armed forces to disarm and join civilians, while other compromised news websites broadcast similar calls for accountability. Internet connectivity in Iran experienced sharp drops at 0706 GMT and 1147 GMT, according to Doug Madory of Kentik, with only minimal service remaining. The Jerusalem Post reported cyberattacks on Iranian government and military systems, though Reuters could not independently verify these claims. Security researchers noted the strategic targeting of BadeSaba, as its user base primarily religious and pro-government made it a high-impact platform for psychological operations. Cybersecurity firms warned of impending retaliation, with Sophos’ Rafe Pilling highlighting potential tactics, including amplified data breaches, unsophisticated industrial system compromises, and direct offensive cyber operations. Pro-Iranian hacktivist groups, known for past hack-and-leak campaigns, ransomware, and DDoS attacks, have already issued calls to action, per Halcyon’s Cynthia Kaiser. CrowdStrike observed reconnaissance and DDoS activity from Iranian-aligned actors, while Anomali reported state-backed Iranian groups deploying "wiper" attacks against Israeli targets ahead of the strikes. Despite Iran’s reputation as a cyber threat alongside Russia and China, its past responses to physical attacks have been limited. Following U.S. strikes on Iranian nuclear sites in June, cyber retaliation was minimal, with only a brief disruption in Albania’s capital, Tirana. However, the current escalation suggests a shift toward more aggressive digital countermeasures.

Cyber Espionage and Hacktivism Escalate in Middle East, Raising Risks for India’s Critical Infrastructure Recent cyberattacks in the Middle East including a historic offensive by Israel against Iran have heightened concerns about potential spillover threats to India’s critical infrastructure. Cybersecurity experts warn that state-backed and hacktivist groups, particularly those aligned with Iran, may target Indian sectors such as power grids, telecom networks, banking systems, and government services in retaliation for regional geopolitical tensions. On Saturday, Israel executed what has been described as the largest cyberattack in history against Iran, causing a near-total internet blackout and disrupting government services, media, energy, and aviation. The attack coincided with the compromise of BadeSaba Calendar, a widely used Iranian prayer app with over 5 million users, which was hijacked to send push notifications urging surrender during joint US-Israeli airstrikes in Tehran. Indian cybersecurity firms, including PwC and CloudSEK, have issued advisories anticipating increased risks of distributed denial-of-service (DDoS) attacks, phishing campaigns, ransomware, and credential-based intrusions. Experts note that cyber warfare often precedes physical conflict, with misinformation, espionage, and intelligence-gathering serving as early indicators of broader aggression. India has faced similar threats before, including during Operation Sindoor and the 2025 India-Pakistan tensions, when foreign hacker groups such as Moroccan Soldiers, Team R70 (Russia), Lulzsec Arabs, and Islamic Hacker Army targeted government and private sector digital infrastructure. The current escalation in the Middle East suggests a renewed wave of cyber threats, with Indian firms on high alert to mitigate potential disruptions.

Cyber Operations Accompany U.S.-Israeli Strikes on Iran Early Saturday, a series of cyberattacks unfolded alongside joint U.S.-Israeli military strikes targeting locations across Iran. Cybersecurity experts and observers reported disruptions, including the hacking of Iranian news websites and the compromise of BadeSaba, a widely used religious calendar app with over 5 million downloads. The app displayed messages urging users many of them government supporters to abandon weapons and join opposition movements. Internet connectivity in Iran experienced sharp drops at 0706 GMT and again at 1147 GMT, according to Doug Madory, director of internet analysis at Kentik. The cyber operations also targeted Iranian government services and military systems, likely to hinder coordinated retaliation, though Reuters has not independently verified these claims. Security researchers noted the strategic nature of the attacks. Hamid Kashfi, founder of cybersecurity firm DarkCell, highlighted the BadeSaba hack as particularly effective due to its user base among religious and pro-government circles. Meanwhile, cybersecurity firms warned of escalating activity from Iranian-aligned threat actors, including reconnaissance efforts, DDoS attacks, and data-wiping operations against Israeli targets. Pro-Iranian hacktivist groups have historically conducted hack-and-leak campaigns, ransomware attacks, and disruptive DDoS operations. Analysts suggest the current activity may signal preparations for more aggressive cyber operations, though Iran’s past responses to strikes on its soil have been limited. In June, following U.S. attacks on Iranian nuclear facilities, cyber retaliation was minimal, with only brief service disruptions reported in Albania.