Iran Prayer App Hacked to Spread Anti-Regime Messages During Heightened Tensions
In a significant cyber incident, an Islamic prayer-timing application widely used in Iran was compromised on February 28, 2026, pushing a series of anti-regime notifications to its users. The messages explicitly urged members of Iran's security forces to abandon their posts and join what was described as "liberation forces." This event occurred amidst heightened unrest and concurrent military strikes by the United States and Israel on Iranian targets, amplifying regional tensions.
Details of the Cyber Operation
According to multiple media reports, the notifications appeared on BadeSaba Calendar, a popular religious utility app with over five million downloads. The messages, written in Persian, called on "repressive forces" to lay down their weapons or defect to save their lives and protect Iran. Another notification read, "Help has arrived," language that commentators have linked to earlier statements by former US President Donald Trump, who had promised support for Iranian protesters. Analysts noted that the wording was clearly targeted at soldiers and internal security units rather than the general public.
Shortly after these messages were disseminated, Iran experienced a near-total internet blackout, with connectivity dropping to approximately 4% of normal levels, as reported by monitoring group NetBlocks. This blackout severely limited independent verification of the incident and raised concerns among human rights groups about potential abuses going unreported during periods of unrest.
Attribution and Broader Context
Several Israeli media outlets, citing unnamed security officials, attributed the hack to Israel as part of a broader campaign against the Iranian regime. However, Israeli officials have not publicly acknowledged responsibility, and international coverage has described the episode as part of an expanding cyber dimension in the confrontation between Iran and its adversaries. The incident reflects a pattern of cyber operations aimed at shaping behavior through psychological impact rather than mere disruption.
Key methods used in such operations include:
- Hijacking mobile applications and push notification systems to deliver messages directly to millions of devices.
- Manipulating SMS and emergency alert systems to create confusion among soldiers.
- Disrupting state media to demonstrate breaches in information control.
One notable example is the pager attack in Lebanon in 2024, where hundreds of devices used by Hezbollah operatives reportedly exploded simultaneously, an operation widely attributed to Israeli intelligence. These tactics emphasize precision, surprise, and psychological effects, turning trusted technology into vulnerabilities.
Impact and Reactions
For ordinary citizens and rank-and-file soldiers, such cyber incidents can be deeply unsettling, creating disorientation and a sense that control is slipping. Iranian state media condemned the hack, accusing hostile foreign powers of destabilization. Meanwhile, human rights organizations like Human Rights Watch have warned that internet blackouts during unrest increase risks of mass arrests, disappearances, and killings without accountability.
Key questions remain unresolved, including the technical delivery of the messages, the exact number of affected users, and definitive attribution. Until independent cybersecurity analysis or official confirmation emerges, the incident continues to be described in reported terms rather than as established fact.
This event underscores a broader shift in modern conflict, where wars are fought not only with traditional weapons but through digital means like notifications and interfaces, directly targeting personal devices to spread doubt and weaken morale within state institutions.
