Amid Israeli and US strikes on Iran and subsequent regional escalation, an apparently compromised Android prayer-timing app (BadeSaba Calendar, reported as having 5M+ Google Play downloads) pushed coordinated political/psychological messages to users in Iran, including calls for Iranian military personnel to surrender and promises of amnesty. The notifications arrived in rapid succession over roughly 30 minutes shortly after explosions were reported in Tehran; no actor publicly claimed responsibility, and the incident highlights the risk of mass-notification channels in widely installed mobile apps being abused for influence operations during kinetic conflict.
Separately, reporting described Iran’s recent, unusually severe communications blackout as part of a government crackdown on protests: beyond typical censorship, connectivity was disrupted across mobile networks, SMS, and landlines, and even Starlink access was reportedly blocked; when limited domestic services returned, social/interactive features were selectively removed to reduce coordination. A third item focused on the UAE’s layered missile-defense architecture (e.g., THAAD and Patriot) used to intercept Iranian ballistic missiles, which is contextually related to the broader conflict but not directly tied to the cyber/information-operations and communications-control developments.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
12 events from the most recent confirmed update back to the earliest known activity.
Dubai authorities said social media posts claiming Iran had struck the Oracle Data Centre were false. The Dubai Media Office described the reports as fake news and urged the public to rely on official sources amid a broader wave of wartime misinformation.
By March 3, reporting cited U.S. Joint Chiefs Chairman Gen. Dan Caine saying coordinated space and cyber operations had disrupted Iranian communications and sensor networks to disorient Iranian forces during the campaign.
During the March 2026 Iran-Israel conflict, cybersecurity experts cited by Khaleej Times alleged that a large Iranian bot and disinformation network rapidly pushed coordinated narratives, hashtags, and doctored or AI-generated media online. The campaign reportedly amplified false claims including fabricated imagery of a Bahraini building fire and a fake strike on the U.S. Fifth Fleet headquarters in Bahrain.
Amazon said its Middle East data center in the UAE suffered an outage after objects struck the facility, causing sparks and fire during the broader regional escalation.
As the conflict escalated, Iran reportedly carried out retaliatory kinetic attacks against military bases across the Middle East, with explosions reported in multiple Gulf countries and some missiles intercepted.
During the same period, state-affiliated outlets including IRNA and ISNA were reportedly taken offline or altered to display anti-government content, further constraining communications inside Iran.
Amid the strikes and cyber activity, internet measurement groups reported a severe nationwide outage in Iran, with NetBlocks saying traffic fell to about 4% of normal and other providers observing near-total connectivity loss.
Shortly after explosions were reported, the BadeSaba Calendar app's push-notification system was apparently compromised and used to send anti-government and surrender messages to users for roughly 30 minutes beginning around 9:52 a.m. Tehran time.
During reported joint U.S. and Israeli preemptive strikes on Iran in late February 2026, cyber activity accompanied the military campaign, with officials and reporting describing efforts to disrupt Iranian communications and sensor networks.
During a January 2026 crackdown on nationwide protests, Iran imposed a major communications blackout that disrupted not only international internet access but also domestic infrastructure including mobile networks, SMS, landlines, and some local services.
In July 2025, Iran reportedly formalized the two-tier internet model through a regulation making access to the global internet a privilege granted to approved groups such as officials, security forces, and selected professionals.
According to the Schneier summary, Iran's Supreme Council of Cyberspace had been developing a class-based or 'two-tier' internet approach since 2009, designed to differentiate access based on user status and loyalty.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
9 references tracked. Mallory keeps watching after this page renders.
khaleejtimes.com
Open sourcekhaleejtimes.com
Open sourceschneier.com
Open sourcetechcrunch.com
Open sourcehackread.com
Open sourcecybersecuritynews.com
Open sourcetechcrunch.com
Open sourcewired.com
Open sourceschneier.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.