Mirsad Sarajlic | Istock | Getty Images
Iran is facing a severe internet blackout impacting its population of over 90 million as the country’s conflict with the U.S. and Israel continues.
The country has now spent over 60 hours in a near-total internet blackout, according to data from independent internet watchdog NetBlocks posted on Tuesday, which showed connectivity at around 1% of ordinary levels.
NetBlocks has attributed the blackout to a “regime-imposed” nationwide internet shutdown, though the country’s government has not commented.
Internet shutdowns have been used in the past during periods of social unrest. A similar near-blackout was also imposed for several weeks in January amid widespread protests in the country.
Any remaining limited activity could be tied to Tehran’s “whitelisting” system, which allows internet access for groups loyal to the government and essential to its operations, internet analyst Doug Madory said in a post on X.
Other analysts said that additional factors may be contributing to the internet disruption.
“While the actual cause is still unclear, it’s almost certainly a combination of both state-ordered suppression and external cyber disruption,” Kathryn Raines, cyber threat intelligence team lead at intelligence platform Flashpoint, told CNBC.
“Historically, the Iranian regime’s go-to tactic during times of crisis is to sever internet access to control the domestic narrative and mask internal security crackdowns,” she said.
“However, we also know that concurrent U.S.-Israeli cyber operations deliberately targeted telecommunications infrastructure to disrupt the Islamic Revolutionary Guard Corps’ (IRGC) command-and-control networks during the kinetic strikes.”
U.S.-Israeli cyberattacks
Reports have suggested that U.S. and Israeli actors have carried out cyberattacks on Iranian sites and infrastructure along with airstrikes.
According to Reuters, U.S.-Israeli actors have targeted multiple government-aligned Iranian news websites with hacks and cyberattacks.
Those attacks also extended to BadeSaba Calendar, a popular religious calendar app with over 5 million downloads, which had been compromised to display alerts urging the armed forces to “give up weapons and join the people” and declaring “It’s time for reckoning.”
Flashpoint’s Raines told CNBC that they had observed Iranian users capturing screenshots of the unauthorized push notifications.
That user-generated evidence confirmed that, at least in one instance, cyber and psychological warfare campaigns had successfully bypassed Iranian state censors before the regime could lock down the network, Raines said.
U.S. Cyber Command did not respond to requests for comment. CNBC was unable to reach the owners of BadeSaba for comment.
In January, Iranian state television was reportedly hacked, briefly showing speeches by U.S. President Donald Trump and the exiled son of Iran’s last shah calling on the public to revolt.
Cyber retaliation?
Analysts say that the lack of internet connectivity in Iran is likely to add to the fog of war, with citizens on the ground unable to communicate with their families, document events or get real-time updates on the conflict.
Cybersecurity firms warned that Iran is likely to respond with cyberattacks, either carried out directly by the government or by affiliated proxy groups.
In a statement shared with CNBC, Adam Meyers, head of counter adversary operations at CrowdStrike, said the firm was “already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating [denial-of-service] attacks.”
“These behaviors often precede more aggressive operations,” Meyers said.
“In past conflicts, Tehran’s cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare.”
In a law enforcement bulletin reportedly issued shortly after U.S. strikes began, the Department of Homeland Security warned that Iran-aligned hacktivists could conduct low-level cyber attacks against U.S. networks, though it said a large-scale physical attack was unlikely.
According to Flashpoint’s Raines, attacks from Iranian-proxy groups are more likely than a coordinated, top-down state response, due to strikes degrading Tehran’s central command.
Regardless, the conflict demonstrates that cyber operations are no longer a secondary theater, but a fully integrated weapon of hybrid warfare, she said.
“I foresee that the blowback from this physical conflict will primarily be fought in the cyber domain, even long after the missiles stop dropping.”
