Mirsad Sarajlic | Istock | Getty Images
Iran has entered its fourth day of an internet shutdown impacting its population of over 90 million as the country's conflict with the U.S. and Israel spills into the cyber domain.
The nation has now spent over 72 hours in a near-total internet blackout, according to data from independent internet watchdog NetBlocks posted on Tuesday, which showed connectivity at around 1% of ordinary levels.
NetBlocks has attributed the blackout to a "regime-imposed" nationwide internet shutdown, though the country's government has not commented.
Any remaining activity could be tied to Tehran's "whitelisting" system, which allows internet access for groups loyal to the government and essential to its operations, internet analyst Doug Madory said in a post on X.
Iran has implemented internet shutdowns during periods of social unrest in the past. A similar near-blackout was imposed for several weeks in January amid widespread protests in the country.
However, some analysts said that additional factors may be contributing to the internet disruption.
"While the actual cause is still unclear, it's almost certainly a combination of both state-ordered suppression and external cyber disruption," Kathryn Raines, cyber threat intelligence team lead at intelligence platform Flashpoint, told CNBC.
"Historically, the Iranian regime's go-to tactic during times of crisis is to sever internet access to control the domestic narrative and mask internal security crackdowns," she said.
"However, we also know that concurrent U.S.-Israeli cyber operations deliberately targeted telecommunications infrastructure to disrupt the Islamic Revolutionary Guard Corps' (IRGC) command-and-control networks during the kinetic strikes."
Reports suggest that U.S. and Israeli actors have carried out cyberattacks on Iranian websites and internet infrastructure, along with their airstrikes.
That has included attacks targeting multiple government-aligned Iranian news sites, according to Reuters.
BadeSaba Calendar, a popular religious calendar app with over 5 million downloads, was also compromised and used to display alerts urging Iranian armed forces to "give up weapons and join the people" and declaring "It's time for reckoning."
Flashpoint's Raines told CNBC that they had observed Iranian users capturing screenshots of the unauthorized push notifications on the app.
That user-generated evidence confirmed that, at least in one instance, cyber and psychological warfare campaigns had successfully bypassed Iranian state censors before the regime could lock down the network, Raines said.
U.S. Cyber Command did not respond to inquiries. CNBC was unable to reach the owners of BadeSaba for comment.
In January, Iranian state television had reportedly been hacked, briefly showing speeches by U.S. President Donald Trump and the exiled son of Iran's last shah calling on the public to revolt.
Analysts say that the lack of internet connectivity in Iran is likely to add to the fog of war, with citizens on the ground unable to communicate with their families, document events or get real-time updates on the conflict.
Cybersecurity firms warned that Iran is also likely to respond with cyberattacks, either carried out directly by the government or by affiliated proxy groups.
In a statement shared with CNBC, Adam Meyers, head of counter adversary operations at CrowdStrike, said the firm was "already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating [denial-of-service] attacks."
"These behaviors often precede more aggressive operations," Meyers said.
"In past conflicts, Tehran's cyber actors have aligned their activity with broader strategic objectives that increase pressure and visibility at targets, including energy, critical infrastructure, finance, telecommunications, and healthcare."
In a law enforcement bulletin reportedly issued shortly after U.S. strikes began, the Department of Homeland Security warned that Iran-aligned hacktivists could conduct low-level cyber attacks against U.S. networks, though it said a large-scale physical attack was unlikely.
According to Flashpoint's Raines, attacks from Iranian proxy groups are more likely than a coordinated, top-down state response, due to strikes degrading Tehran's central command.
Regardless, the conflict demonstrates that cyber operations are no longer a secondary theater, but a fully integrated weapon of hybrid warfare, she said.
"I foresee that the blowback from this physical conflict will primarily be fought in the cyber domain, even long after the missiles stop dropping."