An Islamic prayer timing app widely used in Iran sent a series of anti-regime messages to users on February 28, 2026. The notifications urged members of the security forces to abandon their posts and join what the messages described as “liberation forces.”
“According to multiple media reports, the messages appeared on BadeSaba Calendar, an app with more than five million downloads. The incident occurred during growing unrest and amid US and Israeli strikes on Iranian military targets. Some Israeli and international outlets attributed the cyber operation to Israel, though there is no official confirmation. The messages appeared shortly before a near-total internet outage across Iran, limiting independent verification.
Messages published by Israel through the hacked prayer application
Social media users shared screenshots of the notifications before the connection dropped. One message, written in Persian, called on “repressive forces” to lay down their arms or defect to save their lives and protect Iran. Another message read: “Help has arrived,” language that commentators linked to previous statements by Donald Trump promising to support Iranian protesters. Analysts said the wording was clearly aimed at soldiers and internal security units and not the wider public.
A state of mourning erupts in Tehran after the killing of Khamenei, and Iran pledges fierce revenge against the United States and Israel
Public App Store data and survey reports show that BadeSaba Calendar has been downloaded more than five million times, making it one of the most popular religious facility apps in Iran. Download numbers do not reflect active users at a given moment. However, experts say reaching a small portion of this audience will be important in Iran’s tightly controlled media environment. Iran imposed sweeping internet restrictions soon after, making it unclear how many devices received the messages.
Several Israeli media reports, citing unnamed security officials, said the hack was part of a broader Israeli campaign against the Iranian regime.
Ingenious Israeli cyber tactics and how to use them
Over the past decade, Israeli security services and allied cyber units have gained a reputation for operations designed to shape behavior rather than simply disrupt systems. These actions are usually precise and personal, and their impact is rooted in timing, credibility, and psychological impact.One major method involves hijacking mobile apps and notification systems. Smartphones rely on centralized payment services, meaning access to an app’s backend can instantly put messages on millions of screens. In previous operations attributed to Israel, similar tactics were used to send false alerts and warnings that appeared to come from reliable local sources. The reported abuse of the prayer app BadeSaba follows this pattern, using a religious tool to deliver a political message directly to users.Another way is to manipulate SMS messages and emergency alarm systems. In previous regional confrontations, cyber operations linked to Israel reportedly sent text messages to soldiers warning them that they were being monitored or urging them to stand down. Because these messages resemble official alerts, they can spark confusion and hesitation at critical moments.One of the most notable examples of Israel’s unconventional methods was a reported pager attack in Lebanon in 2024. Hezbollah members, who had turned to pagers believing they were safe, were targeted when hundreds of devices exploded almost simultaneously.
The pagers are believed to have been compromised during the supply chain, with small explosive devices planted prior to distribution. The explosions led to the killing and wounding of Hezbollah members, while largely injuring civilians. Israel did not claim responsibility for the operation, but the operation was widely attributed to Israeli intelligence.The Nidaa incident reflects a broader pattern of turning trusted technology into a security vulnerability.
This includes cyber sabotage such as Stuxnet, as well as the reported use of tampered cell phones, hacked radios, and compromised media systems. In recent years, these tactics have expanded into information warfare, where phishing alerts and targeted messages are sent directly to devices. Together they point to a strategy that emphasizes precision, surprise and psychological impact rather than mass destruction.Israel also used the disruption of official media as a psychological tool.
Iranian media outlets and their allies have at times seen websites briefly taken over or headlines changed, with some broadcasts interrupted. Although usually short-lived, these events carry strong symbolic weight by demonstrating the potential for violations of state control over information.Less obvious operations include phishing campaigns and long-term credential harvesting. Cybersecurity researchers have documented how fake emails and login pages have been used to infiltrate government ministries, military units, and media organizations.
These efforts help map internal networks and lay the foundation for future influence operations.What links these approaches is strategic timing. Cyber messages often appear alongside protests, military strikes, or political crises. The goal is to sow doubt, weaken morale, and encourage divisions within state institutions. The Badisaba incident reflects this approach, as messages urging dissent appeared amid unrest, foreign strikes and economic pressures, which were shortly followed by a nationwide internet blackout.For ordinary citizens and ordinary soldiers, the experience can be very unsettling. The trusted application delivers an unexpected message. Alerts contradict official statements. State media are silent while phones buzz with unfamiliar warnings. The effect is not one of persuasion alone, but of confusion and a feeling that control is slipping away.In this sense, the prayer app hack is not an isolated event. It reflects a broader shift in modern conflict, where wars are fought not just with missiles and sanctions, but also with notifications, interfaces and moments of doubt delivered directly to personal devices.After the hack and strikes, monitoring group NetBlocks said internet connectivity in Iran fell to about 4% of normal levels. Human rights groups warn that such a blackout restricts information and increases the risk of violations going unreported. Human Rights Watch has previously documented mass arrests, disappearances, and killings during periods of unrest, concerns that intensify when communication channels are cut off.
Official feedback
Iranian official media condemned the cyber incidents and accused hostile foreign powers of destabilizing the situation. Israeli officials have not publicly acknowledged responsibility for the hacking of the prayer app. International coverage described the incident as part of the expanding cyber dimension in the confrontation between Iran and its opponents.Key questions remain unresolved. This includes how messages are technically delivered, how many users are affected and who is ultimately responsible. Until an independent cybersecurity analysis or official confirmation emerges, the incident will continue to be described in reported terms rather than as an established fact.