Iran entered a second day of near-total internet blackout on Monday, March 2, as a widening conflict with the United States and Israel extended from the skies into cyberspace, cutting tens of millions of people off from the outside world.
Independent internet watchdog NetBlocks reported connectivity across the country had dropped to around 1 percent of ordinary levels, amounting to a national blackout of more than 48 hours. NetBlocks attributed the shutdown to a state-enforced measure, though Iranian authorities had not publicly commented.
The digital disruption began shortly after the United States and Israel launched coordinated strikes under operations described by President Donald Trump as “major combat operations,” targeting Iran’s missile and nuclear infrastructure. Targets included Tehran, Isfahan, Qom, Karaj, and Kermanshah, with strikes reportedly damaging Supreme Leader Ali Khamenei’s compound and disrupting senior security leadership communications.
Director of Internet Analysis at Kentik, Doug Madory, recorded two significant traffic declines on the day of the strikes, first at 07:06 GMT and again at 11:47 GMT, after which only limited connectivity was observed. Madory suggested the residual traces of activity could reflect a government whitelisting system granting selective access to institutions deemed loyal to the authorities.
The blackout follows a well-documented pattern. Iran has historically blocked the internet to suppress protests, having done so in 2019, 2022, and during the twelve-day conflict with Israel in June 2025. In January 2026, a similar shutdown during protests cost the economy an estimated $35.7 million per day.
A Parallel Offensive Online
Cybersecurity researchers reported that American and Israeli actors targeted multiple government-aligned Iranian news websites. The BadeSaba Calendar, a widely used religious app with more than five million downloads, was also compromised, displaying messages urging the armed forces to abandon their weapons and join the public.
Analysts described the operation as the largest cyberattack in history against Iran, with internet connectivity collapsing to a fraction of normal levels while critical infrastructure, official news sites, and security communications systems stopped functioning. The United States Cyber Command did not respond to requests for comment.
On Sunday, cybersecurity firm Sophos issued an advisory warning that proxy groups and ideologically motivated actors aligned with Iran could target Israeli and American-affiliated military, commercial, or civilian organisations using ransomware, destructive wiper malware, distributed denial-of-service attacks, and hack-and-leak operations.
CrowdStrike’s head of counter adversary operations, Adam Meyers, said the firm was already observing activity consistent with Iranian-aligned threat actors conducting reconnaissance and initiating denial-of-service attacks, warning that such behaviours often precede more aggressive operations.
As Iran launched retaliatory ballistic missiles and drone attacks against American bases and allied targets across the region, analysts warned that cyber operations could serve as one of Tehran’s most flexible tools for retaliation, ranging from disruptive attacks and influence campaigns to targeted intrusions pressuring critical services.
Whether the ongoing blackout is primarily the result of state controls, external cyber operations, or both remains unclear. For millions of Iranians, the combined effect is the same: the outside world has once again gone silent.


