BadeSaba: Hackers hit Iranian apps, websites after US-Israeli strikes

Cyber Retaliation Likely as U.S.-Israeli Strikes Trigger Iranian Digital Disruptions

On March 1, 2026, a series of cyber operations unfolded alongside joint U.S.-Israeli airstrikes targeting Iran, signaling potential escalation in digital warfare. Cybersecurity experts reported multiple breaches, including the hack of BadeSaba, a widely used Iranian religious app with over 5 million downloads. The app displayed messages urging armed forces to disarm and join civilians, while other compromised news websites broadcast similar calls for accountability.

Internet connectivity in Iran experienced sharp drops at 0706 GMT and 1147 GMT, according to Doug Madory of Kentik, with only minimal service remaining. The Jerusalem Post reported cyberattacks on Iranian government and military systems, though Reuters could not independently verify these claims. Security researchers noted the strategic targeting of BadeSaba, as its user base primarily religious and pro-government made it a high-impact platform for psychological operations.

Cybersecurity firms warned of impending retaliation, with Sophos’ Rafe Pilling highlighting potential tactics, including amplified data breaches, unsophisticated industrial system compromises, and direct offensive cyber operations. Pro-Iranian hacktivist groups, known for past hack-and-leak campaigns, ransomware, and DDoS attacks, have already issued calls to action, per Halcyon’s Cynthia Kaiser. CrowdStrike observed reconnaissance and DDoS activity from Iranian-aligned actors, while Anomali reported state-backed Iranian groups deploying "wiper" attacks against Israeli targets ahead of the strikes.

Despite Iran’s reputation as a cyber threat alongside Russia and China, its past responses to physical attacks have been limited. Following U.S. strikes on Iranian nuclear sites in June, cyber retaliation was minimal, with only a brief disruption in Albania’s capital, Tirana. However, the current escalation suggests a shift toward more aggressive digital countermeasures.

Source: https://www.reuters.com/business/media-telecom/hackers-hit-iranian-apps-websites-after-us-israeli-strikes-2026-03-01/

Badesaba | بادصبا cybersecurity rating report: https://www.rankiteo.com/company/badesaba

"id": "BAD1772389516",
"linkid": "badesaba",
"type": "Cyber Attack",
"date": "3/2026",
"severity": "100",
"impact": "8",
"explanation": "Attack that could bring to a war"

{'affected_entities': [{'customers_affected': '5 million+ users',
                        'industry': 'Religious/News',
                        'location': 'Iran',
                        'name': 'BadeSaba',
                        'size': '5 million+ downloads',
                        'type': 'Mobile Application'},
                       {'industry': 'Public Sector',
                        'location': 'Iran',
                        'name': 'Iranian Government',
                        'type': 'Government'},
                       {'industry': 'Defense',
                        'location': 'Iran',
                        'name': 'Iranian Military',
                        'type': 'Military'}],
 'attack_vector': ['Compromised Application',
                   'Website Defacement',
                   'Network Disruption'],
 'date_detected': '2026-03-01',
 'date_publicly_disclosed': '2026-03-01',
 'description': 'On March 1, 2026, a series of cyber operations unfolded '
                'alongside joint U.S.-Israeli airstrikes targeting Iran, '
                'signaling potential escalation in digital warfare. '
                'Cybersecurity experts reported multiple breaches, including '
                'the hack of BadeSaba, a widely used Iranian religious app '
                'with over 5 million downloads. The app displayed messages '
                'urging armed forces to disarm and join civilians, while other '
                'compromised news websites broadcast similar calls for '
                'accountability. Internet connectivity in Iran experienced '
                'sharp drops, and cyberattacks on Iranian government and '
                'military systems were reported. Security researchers noted '
                'the strategic targeting of BadeSaba for psychological '
                'operations.',
 'impact': {'brand_reputation_impact': 'High (psychological impact on '
                                       'pro-government users)',
            'downtime': 'Sharp drops in internet connectivity at 0706 GMT and '
                        '1147 GMT',
            'operational_impact': 'Minimal internet service remaining in Iran',
            'systems_affected': ['BadeSaba App',
                                 'Iranian Government Systems',
                                 'Military Systems',
                                 'News Websites']},
 'investigation_status': 'Ongoing',
 'motivation': ['Retaliation', 'Psychological Warfare', 'Disruption'],
 'references': [{'source': 'Kentik (Doug Madory)'},
                {'source': 'Jerusalem Post'},
                {'source': 'Reuters'},
                {'source': 'Sophos (Rafe Pilling)'},
                {'source': 'Halcyon (Cynthia Kaiser)'},
                {'source': 'CrowdStrike'},
                {'source': 'Anomali'}],
 'stakeholder_advisories': 'Cybersecurity firms warned of impending '
                           'retaliation, including amplified data breaches, '
                           'industrial system compromises, and direct '
                           'offensive cyber operations.',
 'threat_actor': ['Pro-Iranian Hacktivist Groups',
                  'State-Backed Iranian Groups'],
 'title': 'Cyber Retaliation Likely as U.S.-Israeli Strikes Trigger Iranian '
          'Digital Disruptions',
 'type': ['Cyber Espionage', 'Psychological Operation', 'DDoS', 'Wiper Attack']}