Iran is claiming that Cisco, Juniper, Fortinet, and MikroTik devices rebooted or went dark at the precise moment U.S. and Israeli strikes began against Isfahan, even after Iran had already cut itself off from the global internet.

What’s happening: Iranian state media attributes it to hidden firmware or backdoors triggered by satellite signal or a pre-set timer. None of this has been independently verified, and Iranian state media carries obvious credibility problems. But the U.S. did confirm that Cyber Command and Space Command were, in the words of the Chairman of the Joint Chiefs, "the first movers" in Operation Epic Fury, conducting coordinated space and cyber operations to disrupt Iranian communications and sensor networks before the first kinetic strike landed.

The specific vendors named aren't arbitrary. Every company on Iran's list has a documented incident that maps directly to the kind of capability Iran is describing. NSA documents leaked in 2014 showed Tailored Access Operations intercepting Cisco routers in transit and installing implants before reshipment. Juniper disclosed unauthorized code in its NetScreen firmware in 2015 that could decrypt VPN traffic. Fortinet acknowledged hardcoded SSH credentials in FortiOS in 2016. MikroTik has a documented 2019 vulnerability chain that enabled firmware downgrade and persistent backdoor installation. None of this confirms Iran's specific claims. It does confirm that the underlying attack surface is real, has been exploited before, and isn't theoretical.

China moved quickly to amplify the allegations. Its National Computer Virus Emergency Response Center, the same body that has repeatedly claimed Volt Typhoon was a U.S. fabrication, promoted Iran's account as further evidence of American hardware backdoors. The timing is deliberate. In attributing Volt Typhoon, Five Eyes agencies accused Chinese state actors of pre-positioning in Western critical infrastructure, and Beijing has a strong incentive to muddy that narrative with a counter-example. Whether or not Iran's claims hold up, China is making sure the story travels, and in the court of international opinion, repetition does a lot of the work that evidence is supposed to do.

Iran's internet has now been offline for over 60 consecutive days, sitting at roughly one percent of pre-war connectivity, the longest national shutdown on record. That's the visible part. The more interesting question is what happened in the 30 seconds before the lights went out.

This Reddit thread provides additional commentary, and some laughs, on the events unfolding.
