Pro-Iran hackers claim ‘sophisticated’ attack on Bluesky

A pro-Iran hacking group that has been relentlessly targeting American companies with DDoS attacks claims it disrupted Bluesky with what the social media site called a “sophisticated” attack that “intensified” on Thursday.

The Islamic Cyber ​​Resistance in Iraq – 313 Team claimed to be behind a mid-March Microsoft outage and took credit for hitting the X platform at the end of the month.

313 Team said on their Telegram channel that the Bluesky attack “peaked at 1 terabyte.”

The group announced early Thursday that they “carried out a massive cyber attack targeting the API of the Bluesky social networking platform.”

“The attack disrupted the display of posts and caused other malfunctions, including the app’s registration panel crashing,” 313 Team said. “This means that the social networking site is now completely down and unresponsive.”

They initially said the attack would last for three hours — a characteristic declaration for the group — but then tacked on another eight hours as Bluesky acknowledged “the significant outages it experienced as a result of our attacks.” They posted screenshots from Downdetector that reflected user about 2,500 reports of user disruptions.

On Thursday afternoon, 313 Team announced, “The attack is expected to continue for another 10 hours.”

Bluesky posted on the platform Thursday evening: “We are experiencing some service interruptions and our team is working on the issue.”

“Our team received a report of intermittent app outages at about 11:40pm PDT on April 15, 2026,” they posted later in the evening. “They worked through the night to mitigate a sophisticated Distributed Denial-of-Service (DDoS) attack, which intensified throughout the day.”

“We have not seen any evidence of unauthorized access to private user data,” Bluesky continued. “The attack is impacting our application, with users experiencing intermittent interruptions in service for their feeds, notifications, threads and search.”

On Friday afternoon, Bluesky said that the app had been stable since about midnight Eastern time “despite ongoing” DDoS attacks. “We have not seen any evidence of unauthorized access to private user data,” the company said, adding that they would provide an update on or before Monday morning. Downdetector today showed a smattering of user reports indicating trouble.

On Friday evening, 313 Team posted that “the attack is still ongoing, with its intensity exceeding 1 terabyte.”

“We would also like to note that Bluesky’s status page — which the company directs users to visit — is currently down as well,” they said. The status page is up as of this afternoon and says “all systems operational.”

313 Team said late Friday that “all affected servers have since been restored and are back online.”

But today, the hacking group said the attack was back on, targeting the operation of the Bluesky status page this morning for four hours.

313 Team also claimed today that they attacked the servers of movie theater company Cinemark. Downdetector reflects a peak of 162 user reports at 10:29 a.m. EST; the 313 Team’s Telegram post is timestamped 10:36 a.m.

“The attack has been halted thanks to a rapid response and adjustments to the website’s security measures to counter the assault,” 313 Team said shortly afterward.

The group also said Tuesday that it “executed a massive cyberattack targeting the servers of Amazon Prime Video,” as well as one against Dropbox that was countered by the company’s security measures.

On Wednesday, 313 Team said it targeted Yahoo and AOL. They also claimed an attack on Clever, an education sector platform.