An Islamic prayer timing app widely used in Iran pushed a series of anti-regime messages to users on February 28, 2026. The notices urged members of the security forces to abandon their posts and join what the sources described as “liberation forces.”The messages appeared on the BadeSaba Calendar app, which has been downloaded more than 5 million times, according to multiple media reports. The incident occurred during a period of heightened unrest over U.S. and Israeli attacks on Iranian military targets. Some Israeli and international media blamed the cyber operation on Israel, but there has been no official confirmation. The messages appeared shortly before a near-total internet blackout across Iran, limiting independent verification.
Israel’s message spread through hacked prayer apps
Social media users shared screenshots of the notification before the connection was lost. One message, written in Farsi, called on “repressive forces” to lay down their arms or defect to save their lives and protect Iran. Another article read: “Help has arrived,” with commentators linking the phrase to the previous statement. Donald Trump Pledged support for Iranian protesters. Analysts said the language was clearly aimed at soldiers and internal security forces, rather than the public at large.Public app store data and survey reports show that BadeSaba Calendar has been downloaded more than 5 million times, making it one of the most popular religious utility apps in Iran. Download data does not reflect active users at a specific moment. Even so, experts say reaching a small audience will be significant in Iran’s tightly controlled media environment. Iran quickly implemented sweeping internet restrictions, and it’s unclear how many devices received the messages. Several Israeli media outlets, citing unnamed security officials, said the hack was part of a broader Israeli campaign against the Iranian regime.
Israel’s clever networking methods and how to use them
Over the past decade, Israeli security services and allied cyber forces have built a reputation for operations designed to shape behavior rather than simply disrupt systems. These actions are often precise and personalized, with impact rooted in timing, credibility and psychological effects.One key method involves hijacking mobile apps and notification systems. Smartphones rely on centralized push services, which means access to the app’s backend can send messages to millions of screens at once. In earlier Israeli operations, similar tactics were used to send false alerts and warnings that appeared to come from trusted domestic sources. The reported breach of the BadeSaba prayer app follows a pattern of leveraging religious utility to deliver political messages directly to users.Another method is to manipulate text messaging and emergency alert systems. In past regional conflicts, Israeli-linked cyber operations have reportedly sent text messages to soldiers warning they were being watched or urging them to stop. Because these messages resemble official alerts, they can cause confusion and hesitation at a critical moment.One of the most high-profile examples of Israel’s unconventional methods was the 2024 pager attack in Lebanon. HezbollahThey had reportedly turned to pagers, believing them to be safe, when hundreds of devices exploded almost simultaneously. The pagers are believed to have been compromised during the supply chain process and contained a small amount of explosives embedded before being distributed. The explosion killed and injured Hezbollah agents, but most civilians survived. Israel did not claim responsibility for the operation, but it is widely believed to have been carried out by Israeli intelligence services.The pager incident reflects a broader pattern of turning trusted technologies into vulnerabilities. This includes cyber sabotage campaigns such as Stuxnet, as well as the reported use of rigged mobile phones, compromised radio equipment and hacked media systems. In recent years, these tactics have expanded into information warfare, sending deceptive alerts and targeted messages directly to devices. Together they pointed to a strategy that focused on precision, surprise, and psychological impact rather than mass destruction.Israel also uses interference with state media as a psychological tool. Iranian and allied media have sometimes seen websites briefly taken over or headlines changed, and some broadcasts interrupted. Although these events are often short-lived, they are highly symbolic because they demonstrate that state control of information can be undermined.Less obvious operations include long-running phishing and credential collection campaigns. Cybersecurity researchers have documented how fake emails and login pages are used to infiltrate government agencies, military units, and media organizations. These efforts help map internal networks and lay the foundation for future influence operations.What links these approaches is strategic timing. Online messages often appear in conjunction with protests, military strikes or political crises. The aim is to sow doubt, undermine morale and encourage divisions within state institutions. The Bade Saba affair exemplified this approach, with messages urging defections emerging and a nationwide internet blackout soon following amid unrest, foreign strikes and economic strains.For ordinary citizens and ordinary soldiers, this experience can be deeply disturbing. A trusted application delivered an unexpected message. The alert contradicted official statements. There was silence in the state media, and unfamiliar warnings came over the phone. The effect is not just persuasion but disorientation and a sense of waning control.From this perspective, the prayer app hack was not an isolated incident. It reflects a broader shift in modern conflict, where war is fought not just through missiles and sanctions but also through notifications, interfaces and moments of doubt sent directly to personal devices.Following the hack and attack, monitoring group NetBlocks said Iran’s internet connectivity dropped to around 4% of normal levels. Human rights groups warn that such blockades limit information and increase the risk of abuses going unreported. Human Rights Watch has previously documented mass arrests, disappearances and killings during unrest, and concerns are heightened when lines of communication are cut off.
Official reaction
Iranian state media condemned the cyber incident and accused foreign hostile forces of destabilizing the situation. Israeli officials have yet to publicly admit responsibility for the prayer app hack. International reports described the incident as part of a widening cyber confrontation between Iran and its adversaries.Key issues remain unresolved. These include how the message was technically delivered, the number of users affected and who was ultimately responsible. Until independent cybersecurity analysis or official confirmation emerges, the incident will continue to be described in a reported manner rather than as an established fact.
