Residents across Tehran and other Iranian cities were jolted awake by sounds of loud explosions in the early hours of Saturday morning, as Israel and the US launched joint attacks on Iran.
The attacks, which the US and Israel are calling “preemptive strikes,” come after a period of failed negotiations between the countries, and on the heels of mass protests in Iran earlier this year that saw the death of at least 3,117 civilians, according to government statistics.
Shortly after the first set of explosions, Iranians received bursts of notifications on their phones. They came not from the government advising caution, but from an apparently hacked prayer-timing app called ‘BadeSaba Calendar’ that has been downloaded more than 5 million times from the Google Play Store.
The messages arrived in quick succession over a period of 30 minutes, starting with the phrase ‘Help Has Arrived’ at 9:52 am Tehran time, shortly after the first set of explosions. No party has claimed responsibility for the hacks.
Screenshots shared with WIRED Middle East show messages urging Iranian military personnel to surrender their weapons with the promise of amnesty. They also urged army personnel to join “the forces of liberation” and to “defend your brothers.”
“The time for revenge has come,” one notification received at 10:02 am read (translated from Farsi). “The regime’s repressive forces will pay for their cruel and merciless actions against the innocent people of Iran. Anyone who joins in defending and protecting the Iranian nation will be granted amnesty and forgiveness.”
“For the freedom of our Iranian brothers and sisters, this is a call to all oppressive forces—lay down your weapons or join the forces of liberation. Only in this way can you save your lives. For a free Iran,” another message sent at 10:14 am read.
Cybersecurity analysts confirmed that BadeSabah users had received notifications around the time of the strikes, but have not been able to identify the source of the hack. “At this point, we genuinely do not know who is behind them, whether it was Israel or other anti-government Iranian groups,” says Narges Keshavarznia, digital rights researcher at the Miaan Group, adding that no hacker group has claimed credit.
“Attribution in cases like this is always complex, and it’s still too early to draw conclusions.”
Morey Haber, the chief security advisor at BeyondTrust, however, pointed out that a cyber operation of this nature would almost certainly have been planned in advance.
“The compromise of assets [likely] happened some time ago, and these messages of ‘help’ were timed” strategically, he claims. “This is not a smash-and-grab style of attack. It is nation-state versus nation-state and is being executed with intent and precision.”
Iran on Saturday launched retaliatory kinetic attacks targeting key military bases across the Middle East. Explosions were reported in Bahrain, Kuwait, the UAE, and Qatar on Saturday, including multiple missiles that were intercepted.
Digital Blackout, Cyber Warfare
As the war unfolds, the Iranian public has already faced internet blackouts and weeks of severely reduced connectivity. “The country has been experiencing a widespread internet disruption, and access to the internet has significantly decreased in several parts of the country, including Tehran,” Keshavarznia says.
According to internet monitoring tool NetBlocks, overall network traffic has dropped to 4 percent. Data from ArvanCloud’s Radar monitoring system, an Iranian-operated cloud service, indicates that many of the country’s main data centers and domestic PoP sites have either lost connectivity to the international internet or are experiencing severe disruption, Keshavarznia pointed out.
Communication networks are also down with outages in phone lines and SMS services, and severe degradation of both mobile data and fixed broadband connections. “Incoming international calls to Iran are also reportedly affected. Even using VPNs has become extremely difficult,” she says.
/cdn.vox-cdn.com/uploads/chorus_asset/file/15993021/akrales_190327_3315_0012.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/23951261/VRG_Illo_N_Barclay_5_apple.jpg)
/cdn.vox-cdn.com/uploads/chorus_asset/file/25283725/STK048_XBOX_D.jpg)
