Iran-Aligned “313 Team” Claims Truth Social Cyberattack Amid Escalating Digital Crossfire

A hacking collective linked to Iran says it crippled former President Donald Trump’s social-media network Truth Socialwith a wave of artificial traffic, just hours after U.S. forces struck three Iranian nuclear facilities over the weekend.

The Center for Internet Security (CIS) confirmed on Monday that the group—calling itself “313 Team”—took credit for a distributed-denial-of-service (DDoS) barrage late Saturday. The disruption coincided with a spike in user complaints as Truth Social slowed to a crawl and returned error messages for roughly 90 minutes.

“We observed a sustained DDoS campaign originating from infrastructure previously attributed to Iranian state-aligned actors,” a CIS spokesperson said. Investigators detected traffic floods exceeding 400 gigabits per second, enough to overwhelm the platform’s front-end servers.

Triggered by Trump’s post

According to incident logs reviewed by cybersecurity analysts, the assault began less than 20 minutes after Mr Trump posted a celebratory update about what he called a “very successful attack” on Iran’s Fordow, Natanz and Esfahan nuclear sites. Within moments, monitoring service Downdetector recorded thousands of outage reports, peaking around 11:15 p.m. EST.

Truth Social’s parent company, Trump Media & Technology Group, has not publicly detailed the attack but said service was “fully restored” early Sunday. No user data is believed to have been compromised.

Part of a wider cyber tit-for-tat

Digital skirmishes have intensified as geopolitical tensions flare between Iran, Israel and the United States:

• Predatory Sparrow (Gonjeshke Darande)—an Israeli-linked hacking outfit—last week siphoned more than US $90 million from Nobitex, Iran’s largest crypto exchange. Blockchain analysts say the thieves lacked the private keys to move the funds further, effectively burning them.

• The same group claimed responsibility for bringing down a state-owned Iranian bank 24 hours earlier, wiping key databases in what it called a “warning shot.”

Iranian cyber units have long centred on disruptive DDoS tactics and ransomware, while Israeli and Western groups increasingly favour precision hacks that destroy data or drain digital wallets.

Political stakes

Cyber experts warn that the Truth Social incident highlights a growing willingness by state-aligned actors to hit symbolic rather than purely strategic targets.

“Striking the personal platform of a former U.S. president is a high-visibility move aimed at shaping public perception as much as causing downtime,” said Maya Patel, senior analyst at the Atlantic Cyber Council. She added that such attacks can quickly spill over to adjacent services that share hosting providers.

What happens next

U.S. Cyber Command and the Department of Homeland Security are assisting Truth Social with a forensic review and have raised the threat level for social platforms deemed “politically sensitive.” CIS advises operators to harden defenses with:

• Layer 7 traffic filtering to block bot-generated spikes

• Rate-limiting and geo-fencing for regions linked to hostile infrastructure

• Real-time threat intelligence feeds to detect copycat attacks

For now, Truth Social remains online, but security analysts caution that retaliatory strikes—digital or kinetic—could keep both Iranian and Israeli-connected hacker groups on a short fuse. With sabotage campaigns mounting on all sides, platforms carrying political weight are likely to stay squarely in the crosshairs.

Photo Credit: DepositPhotos.com