Iran has been hit by sweeping internet outages and apparent cyber intrusions coinciding with US airstrikes, in what experts describe as a synchronized campaign blending kinetic and digital pressure. Network telemetry from multiple monitoring firms showed national connectivity collapsing to near-zero levels as reports of hacked mobile apps and targeted disruptions spread across major cities.
Iranians Report App Hacks Amid Nationwide Blackout
Even as connections failed, many Iranians received a cascade of unsolicited push notifications from Bade Saba, a widely used prayer and calendar app with millions of downloads. Messages seen by users contained anti-government language and calls for a “reckoning,” suggesting the app or its notification infrastructure had been compromised. Wired reported that multiple alerts were pushed in rapid succession, an uncommon tactic aimed at cutting through throttled mobile networks.
While attribution remains unclear, the episode fits a broader playbook of leveraging trusted local apps to deliver psychological operations at scale. Security researchers note that notification systems are attractive targets: they allow adversaries to reach users without needing to compromise each device, and they can amplify messaging when social platforms are blocked or bandwidth is constricted.
Connectivity Plummets Across Major Networks
Network analysts at Kentik said internet connectivity in Iran plunged shortly after the strikes, with measurements indicating traffic volumes dropping to a fraction of normal levels. Cloudflare’s network data also showed a sharp collapse in routing and DNS queries originating from Iranian autonomous systems, consistent with nationwide shutdown patterns seen in previous crises.
NetBlocks, which tracks global internet disruptions, reported widespread outages across fixed and mobile operators, including the state-controlled backbone that underpins domestic routing. In prior events, authorities in Tehran have used a combination of border gateway protocol (BGP) route withdrawals, deep packet inspection, and centralized filtering to throttle or sever international connectivity while keeping parts of the National Information Network—Iran’s domestic internet—functioning.
These cutoffs carry heavy economic and social costs. During earlier nationwide blackouts, NetBlocks estimated daily losses in the tens of millions of dollars as banking, logistics, and small businesses stalled. Similar risks are likely now, with reports of payment failures and service interruptions compounding uncertainty for residents.
Cyber Operations Mirror Kinetic Military Strikes
The Jerusalem Post reported that offensive cyber measures were used alongside air operations to constrain Iran’s ability to respond, echoing a long-running pattern of covert digital conflict in the region. Western governments have previously been linked to campaigns against Iranian nuclear, financial, and government networks, while Iranian state-aligned groups have targeted regional energy firms, shipping, and critical infrastructure.
Analysts say the goals of hybrid operations are clear: disrupt command-and-control, degrade air defense coordination, and flood information channels during peak confusion. “The timing of shutdowns is often as important as their scale,” noted Doug Madory of Kentik in a public update, pointing to the steep drop in connectivity immediately following the first strikes.
Regional Spillover Hits Cloud And Commerce
The digital turmoil is not confined to Iran. Amazon said a Middle East data center in the United Arab Emirates suffered an outage after objects struck the facility, causing sparks and a fire, following Iranian missile launches that threatened coastal infrastructure. Even brief cloud disruptions in the Gulf can ripple across fintech, media, and public services that depend on low-latency regional availability zones.
Logistics and trade routes face parallel strain. Security consultancies warn that heightened military activity around the Strait of Hormuz could slow air cargo and delay container traffic, increasing costs for e-commerce operators and manufacturers reliant on just-in-time supply chains. During previous escalations, insurers raised war-risk premiums for Gulf shipping, pushing carriers to reroute or idle vessels.
How Iran Manages And Circumvents Shutdowns
Iran’s centralized architecture gives authorities levers to throttle or block at scale, but it also produces predictable workarounds. VPN demand typically surges during blackouts; researchers at Top10VPN have documented spikes of several thousand percent in Iran during past crackdowns. Nonetheless, when upstream international links are withdrawn or heavily rate-limited, even VPNs and circumvention tools are blunted.
Domestic apps, CDNs, and government portals often stay reachable via the National Information Network, enabling limited continuity for state services while isolating users from the global web. That split—local availability with international darkness—complicates verification of on-the-ground reports and hinders independent media coverage.
What To Watch Next In Iran’s Evolving Cyber Conflict
Indicators to monitor include restoration of BGP routes through Iran’s main transit providers, sustained packet loss on mobile carriers, and fresh phishing or DDoS waves aimed at banks, broadcasters, and ministries. Regional spillover may involve retaliatory cyber activity targeting energy firms, cloud providers, and maritime logistics across the Gulf.
For organizations with exposure to the region, incident responders recommend stepped-up monitoring for routing anomalies, segmentation of operational networks, and rapid patching of vulnerabilities historically exploited by state-aligned groups, including those tracked by researchers as APT33, APT34, and MuddyWater. With air and cyber fronts now tightly intertwined, the stability of Iran’s internet—and the wider Middle Eastern digital economy—will likely be shaped by what happens next in the skies.
