Prayer App Users Receive Surrender Messages During Iran Airstrikes
Tehran, Saturday, 28 February 2026.
Iranian users of BadeSaba Calendar, a popular prayer app with over 5 million downloads, received mysterious push notifications urging military surrender and promising amnesty during joint US-Israeli strikes on February 28, 2026. The coordinated cyber operation sent messages titled ‘Help is on the way’ over a 30-minute window starting at 9:52 AM Tehran time, coinciding precisely with airstrikes on the capital. Security experts suggest the app was compromised well in advance, with the timing strategically planned for maximum psychological impact during the military operation.
Strategic Timing and Psychological Operations
The messages delivered to BadeSaba Calendar users represented a sophisticated psychological operation, with content specifically crafted to encourage defection from Iranian military forces [1]. One message read in Persian, “For the freedom of Iranian brothers and sisters, this is a call for all repressive forces – push your weapons aside or join the liberation forces. Only this way can you save your life for Iran” [4]. The hackers also pushed the message “Help has arrived,” an apparent reference to a prior statement from US President Donald Trump in January 2026, when he told Iranian protesters to “keep protesting – take over your institutions” [2]. Morey Haber, chief security advisor at BeyondTrust, emphasized that “the compromise of assets [likely] happened some time ago, and these messages of ‘help’ were timed strategically… This is not a smash-and-grab style of attack. It is nation-state versus nation-state and is being executed with intent and precision” [1].
Broader Cyber Warfare Campaign
The prayer app hack formed part of a wider cyber offensive targeting Iranian digital infrastructure during the Saturday attacks. Iranian state media outlets including IRNA, ISNA, Tabnak, and Asr-e Iran were simultaneously targeted in coordinated cyberattacks, with ISNA remaining inaccessible as of February 27, 2026 [1][2]. The timing coincided with Operation Epic Fury, the Pentagon-designated military operation that President Trump announced as “major combat operations” against Iran, aimed at destroying Iranian missiles and naval capabilities [6]. The cyber campaign demonstrates how modern conflicts increasingly integrate digital warfare alongside conventional military strikes, creating multiple pressure points against adversary nations.
Technical Vulnerabilities and Attribution Challenges
Digital rights researcher Narges Keshavarznia from the Miaan Group acknowledged the attribution uncertainty surrounding the hack, stating “At this point, we genuinely do not know who is behind them, whether it was Israel or other anti-government Iranian groups” [1]. The technical execution required advance planning and sustained access to the BadeSaba Calendar infrastructure, suggesting sophisticated capabilities beyond typical hacktivist operations [GPT]. The app’s popularity, with over 5 million downloads, made it an attractive target for reaching a broad Iranian audience during the critical moment of military strikes [1]. No hacker group has claimed responsibility for the operation, maintaining operational security consistent with state-sponsored cyber activities [1].
Infrastructure Disruption and Information Control
Iran’s response included severe restrictions on digital communications, with overall network traffic dropping to just 4 percent according to NetBlocks monitoring [1]. The internet blackout affected phone lines, SMS services, mobile data, and fixed broadband connections across the country, effectively limiting Iranians’ ability to communicate or access information during the strikes [1]. This digital isolation mirrors previous tactics employed during January 2026 mass protests, when Iranians experienced long-term blackouts as authorities sought to limit protest coordination [1]. The combination of cyber attacks against Iranian infrastructure and Iran’s own internet restrictions created a complex information warfare environment, where both sides sought to control narrative and communication channels during active military operations.