A wave of cyber-enabled operations took place early Sat morning alongside the joint US-Israeli attack on targets across Iran, according to cybersecurity experts & observers.
The operations included the hacking of multiple news websites to display various messages & the hack of BadeSaba, a religious calendar app with more than 5m downloads, which displayed messages telling users, “It’s time for reckoning”.
Cyber Command
A spokesperson for US Cyber Command did not immediately respond to a request for comment.
Internet connectivity in Iran dropped precipitously at 0706 GMT, & then again at 1147 GMT, with only minimal connectivity remaining, Doug Madory, director of internet analysis at Kentik, commented in a post on X.
The cyber-attack on BadeSaba was a cleaver move because govt. supporters use it & they tend to be more religious, commented Hamid Kashfi, a security researcher & founder of cybersecurity firm DarkCell.
Military Targets
Cyber operations also struck a variety of Iranian Govt. services & military targets to limit a co-ordinated Iranian response; the Jerusalem Post reported on Sat. There is no independent verification of the claims.
“As Iran considers its options, the likelihood increases that proxy groups & hacktivists may take action, including cyber-attacks, against Israeli & US-affiliated military, commercial, or civilian targets,” stated Rafe Pilling, the director of threat intelligence with cybersecurity firm Sophos.
The attacks could include the amplification of old data breaches presented as new, unsophisticated attempts to compromise internet-exposed industrial systems, & potentially direct offensive cyber operations, Pilling observed.
pro-Iranian
Activity in the Middle East has increased, stated Cynthia Kaiser, a former top FBI cyber official & current senior VP at anti-ransomware firm Halcyon.
Kaiser explained the firm has also seen calls to action from known pro-Iranian cyber personas who in the past have conducted hack-&-leak operations, ransomware attacks & distributed denial-of-service attacks (DDoS), which flood internet services rendering them inaccessible.
The current cyber activity may precede more aggressive operations, outlined Adam Meyers, Senior VP of counter adversary operations with CrowdStrike (CRWD.O), opens new tab.
“CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors & hacktivist groups conducting reconnaissance & initiating DDoS attacks,” he explained.
“Wiper” Attacks
Cybersecurity firm Anomali observed in an analysis shared with Reuters on Sat. that state-backed Iranian hacking groups were already conducting “wiper” attacks that erase data on Israeli targets ahead of the strikes.
Although Iran is often mentioned by US cyber officials alongside Russia & China as a threat to American networks, Tehran’s previous responses to attacks on its soil have been muted.
In June, after the US struck Iranian nuclear targets, there was little sign of the disruptive cyberattacks, opens new tab often invoked during discussions of Iran’s digital capabilities beyond a short-lived interruption of services in Tirana, Albania’s capital, according to media reports.
