As Israeli and US forces launched joint preemptive airstrikes on Tehran, a sophisticated cyber-psychological operation unfolded simultaneously.
According to a report by Wired Middle East, millions of Iranian citizens and military personnel were jolted awake not only by explosions but also by unauthorized push notifications from a compromised mobile application.
The incident signaled a new escalation in nation-state cyber warfare, blending digital intrusion with kinetic military operations.
Prayer App Hijacked During Military Strikes
The primary vector for this digital offensive was the ‘BadeSaba Calendar,’ a popular prayer timing application with over 5 million downloads on the Google Play Store.
As noted by Wired Middle East, shortly after the physical strikes began on Saturday morning, the app’s notification system was hijacked to broadcast messages of psychological warfare.
Starting at 9:52 AM local time, users received a burst of push notifications titled “Help is on the way”.
Screenshots shared with Wired Middle East revealed that these messages explicitly urged Iranian military members to abandon their posts and lay down their weapons in exchange for amnesty.
The push notifications are all titled “Help is on the way ” and urged Iranian troops to surrender (source: Wired)
At 10:02 AM, a subsequent alert warned that “repressive forces will pay for their cruel and merciless actions,” while another message at 10:14 AM called on forces to join the “liberation” for a free Iran.
While the exact malware or exploitation technique remains unidentified, Wired Middle East highlighted analysis from cybersecurity experts who assess this as a highly coordinated nation-state operation rather than a standard cybercriminal attack.
Morey Haber, Chief Security Advisor at BeyondTrust, told the publication that an attack of this scale requires advanced planning.
The threat actors likely compromised the application’s backend infrastructure well in advance, staging the notifications as triggered payloads perfectly timed to coincide with the kinetic airstrikes.
Currently, attribution remains unconfirmed, with no hacker organization or state entity officially claiming responsibility for the breach.
Speaking to Wired Middle East, Narges Keshavarznia, a digital rights researcher at the Miaan Group, stated that it is too early to determine whether the operation was carried out by Israeli intelligence or by anti-government Iranian hacktivist groups.
Severe Nationwide Internet Disruptions
Simultaneous to the app compromise, Iran experienced a severe digital blackout. As documented by Wired Middle East, this is a familiar defensive or suppressive tactic used during periods of national crisis.
According to the internet monitoring tool NetBlocks cited in the report, national network traffic plummeted to just 4 percent of normal levels.
Update: #Iran's internet blackout has now passed the 24-hour mark with national connectivity flatlining at 1% of ordinary levels.
The measure limits civic engagement at a key moment for the country's future after the killing of Ayatollah Khamenei in US and Israeli airstrikes. pic.twitter.com/W4jDgds1Ty— NetBlocks (@netblocks) March 1, 2026
Data from ArvanCloud, a domestic cloud service operator, indicated that major data centers and domestic points of presence lost international connectivity.
Furthermore, Wired Middle East reported that state-affiliated news agencies, including IRNA and ISNA, were taken offline by suspected coordinated cyberattacks.
Digital rights advocates warned that these communication outages severely degrade mobile data, fixed broadband, and VPN access, eliminating visibility and preventing civilians from documenting the unfolding events or seeking help.
Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.
The post Hacked Prayer App Used as Cyber Weapon During US-Israel Strikes on Iran appeared first on Cyber Security News.
