Hacked App Sends Surrender Messages to Iranians Amid Escalating Tensions

Recent military actions by the United States and Israel, described as "preemptive strikes," have intensified tensions following unsuccessful diplomatic negotiations and widespread protests in Iran earlier this year. These protests resulted in the deaths of over 3,000 civilians, according to government figures. In the wake of these strikes, Iranian citizens began receiving unusual notifications on their mobile devices. These messages were not government alerts but appeared to originate from a compromised prayer-timing application, BadeSaba Calendar, which has been downloaded over 5 million times from the Google Play Store.

The notifications, which began shortly after the initial explosions, included messages urging Iranian military personnel to surrender and join forces described as "liberation" groups. Promises of amnesty were made to those who laid down their arms. The notifications, written in Farsi, included statements such as "The time for revenge has come" and calls for a "free Iran." Despite the messages' provocative nature, no group has claimed responsibility for the cyber intrusion.

Cybersecurity experts have confirmed the occurrence of these notifications but remain uncertain about the source of the hack. Narges Keshavarznia, a digital rights researcher, noted the complexity of attributing responsibility in such cases. Morey Haber, a security adviser, suggested that the operation was likely premeditated, with the timing of the messages being strategically aligned with the military strikes.

In response to the attacks, Iran launched retaliatory strikes targeting military bases across the Middle East, with explosions reported in Bahrain, Kuwait, the UAE, and Qatar. This escalation has been accompanied by significant digital disruptions within Iran, including widespread internet blackouts and reduced connectivity. According to NetBlocks, network traffic in Iran has plummeted to just 4 percent of normal levels. Communication networks, including phone lines and SMS services, have also been severely affected, making it difficult for Iranians to communicate or access information.

There have also been reports of cyberattacks targeting Iranian state-affiliated news agencies, such as IRNA and ISNA, resulting in temporary website outages. While IRNA has resumed operations, ISNA remains offline. These digital disruptions are reminiscent of the internet blackouts experienced during the mass protests in January, which were marked by fears of surveillance and a lack of external visibility.

The current situation highlights the dual challenges faced by Iranians: the physical threat of military conflict and the digital isolation caused by internet outages. The lack of connectivity not only hampers communication but also limits the ability to document events and seek international assistance. As Keshavarznia points out, the most pressing concern is the loss of visibility and accountability, which exacerbates the already tense and volatile environment in the region.