From Washington: In a development that will reverberate across the Pacific, the opening hours of the US-Israeli military campaign against Iran on 28 February 2026 were accompanied by a cyber operation of remarkable precision. Hackers reportedly seized control of the popular prayer calendar app BadeSaba to distribute messages that, in another era, might have taken the form of pamphlets dropped from planes. The target was not a military server or a power grid. It was the smartphones of ordinary Iranians.
The messages were sent in quick succession over a 30-minute period to users of the BadeSaba Calendar app, which has been downloaded more than 5 million times and provides Muslims with accurate prayer times based on their location. The first notification, appearing at 9:52 a.m. local time, told users that "Help Has Arrived." A second message at 10:02 a.m. appeared to target Iranian military personnel, stating that amnesty would be granted to those who took up arms against the regime. A third, at 10:14 a.m., urged the app's users to "lay down your weapons or join the forces of liberation" in support of freedom for "our Iranian brothers and sisters."
By seizing control of a trusted religious utility app, the perpetrators bypassed state-controlled media channels and delivered defection messaging straight to personal devices widely used by soldiers and civilians alike. Security researcher Hamid Kashfi, founder of DarkCell, pointed out that the app's user base made it a particularly rich target. By targeting a prayer app integral to daily religious life for millions of Iranians, the operation maximised reach and psychological impact at minimal cost compared to traditional broadcasts.
Kashfi also flagged a dimension that goes beyond simple propaganda. The app requests location access to function, meaning the data it holds on users could, in his words, "be used in many different and interesting ways" beyond the notification campaign itself. The location-tracking dimension adds a layer of intelligence value that purely military tools could not replicate.
Narges Keshavarznia, a digital rights researcher at the Miaan Group, stated that attribution remains unclear at this stage. "At this point, we genuinely do not know who is behind them, whether it was Israel or other anti-government Iranian groups," she said, noting that no hacker collective has claimed responsibility. "Attribution in cases like this is always complex, and it's still too early to draw conclusions."
That caution is worth taking seriously. Jake Williams, vice president of R&D at the cybersecurity firm Hunter Strategy and a former member of the NSA's elite hacking unit known as Tailored Access Operations, told Straight Arrow News that he believes the hack bears the hallmarks of an Israeli operation. The Wall Street Journal and Reuters have also attributed the operation to Israel, though no government has officially confirmed involvement.
Lukasz Olejnik, a Visiting Senior Research Fellow at the Department of War Studies, King's College London, told The Register that he had predicted precisely this scenario in his 2024 book Propaganda. He characterised the campaign not as a cyberattack in the conventional sense, but as a psychological operation aimed at Iranian society and its security forces. Experts note this approach leverages app permissions for push notifications, allowing rapid dissemination without needing control over broadcast networks. "Push notifications are trusted by design," Olejnik said. "The entire model assumes that if you installed an app, the messages it sends are legitimate."
The app hack was one component of a far broader digital assault. Iran's internet plunged into a near-total blackout, with traffic down to around 1 percent of normal levels and connectivity described as "close to zero" as authorities curbed access amid widening regional conflict. Cloudflare Radar showed traffic "close to zero across all major regions," with Tehran, Fars, Isfahan, Alborz, and Razavi Khorasan experiencing a "near-complete shutdown." A number of state media outlets and affiliated sites were also targeted in cyberattacks, according to the semi-official Iran Student News Agency.
The weekend's expanding conventional war also saw the US-Israel side and Iran trading cyberattacks, with security experts telling SC Media that reports of internet utilisation dropping to 4 percent in Iran were largely a government-imposed "kill switch" by the regime. The distinction matters: whether the blackout was externally imposed or self-inflicted, the result for ordinary Iranians was the same, a digital silence at a moment of acute national crisis.
The implications stretch well beyond the Middle East. Tehran-linked hackers are stepping up digital reconnaissance and preparing for potentially disruptive cyber activity, with intelligence firms warning that the continued degradation of Iranian forces has increased the likelihood of retaliatory cyber operations against US and allied targets. Sophos issued an advisory warning that proxy groups or ideologically motivated actors aligned with Iran could target Israeli and US-affiliated military, commercial, or civilian organisations, with possible tactics including ransomware, destructive "wiper" malware, and hack-and-leak operations.
For Australia, this is not a distant concern. The Australian Signals Directorate has previously warned Australian organisations about Iranian state-sponsored cyber actors, and the current escalation substantially raises the risk of spillover attacks on allied nations. The AUKUS partnership ties Australia's security interests directly to those of both the United States and, by extension, Israel's US-aligned operations.
Olejnik's broader warning to developers is worth reflecting on carefully. The hack of BadeSaba Calendar represents a tactical evolution in cyber warfare, shifting from infrastructure disruption to mass messaging through trusted civilian applications. "Developers and operators should map how they use it and update their risk assessments accordingly," he said of push notification infrastructure. "Especially those with significant user bases." In an age when apps accompany Australians through every moment of their day, the lesson carries weight well beyond Tehran.