The naming of an IRGC officer directing assassination and sabotage operations across Europe is a calibrated intelligence disclosure — the timing, weeks after the killing of IRGC Intelligence chief Majid Khademi, is almost certainly not coincidental.

Intelligence Lead

European intelligence sources have publicly identified the alleged operational controller of an active IRGC-linked assassination, espionage and sabotage network targeting Israeli and Western interests across multiple European countries — an unusual act of disclosure that signals a coordinated Western counter-intelligence campaign against Tehran's external operations arm during a period of structural disruption inside the IRGC. Alireza Mohammadi, assessed as operating under the alias Meghdad Hassani, is identified by a European intelligence source as the IRGC officer responsible for overseeing network activities including intelligence gathering, surveillance and reconnaissance against Israeli targets and US military installations. The disclosure follows confirmed attack activity on European soil, a foiled US-based assassination plot, and the targeted killing of IRGC Intelligence chief Majid Khademi in April 2026.

Situation Report

A European intelligence source, cited by Iran International, has identified Alireza Mohammadi — operating under the alias Meghdad Hassani — as the IRGC officer directing the network's European activities. According to the source, Mohammadi recruited and directed individuals across multiple countries, tasking them with intelligence gathering, surveillance, and reconnaissance against Israeli targets and US military installations. The network's operational scope encompasses at minimum espionage, sabotage and assassination activity.

Confirmed attack activity on European soil in early 2026 includes: a foiled bomb attack outside a Bank of America branch in Paris on 28 March, linked to Islamic Republic-connected proxy operatives; and an arson attack targeting Jewish ambulances in Golders Green, north London, claimed by an Iran-aligned group in the same month. In the United States, federal authorities confirmed a foiled IRGC-linked assassination plot targeting a senior US political figure as recently as May 2026. On 6 April 2026, Majid Khademi, head of IRGC Intelligence, was killed in a targeted strike attributed by Israeli officials to Israeli operations.

Background and Context

Iran's external operations model in Europe has undergone a significant structural evolution since 2019. Tehran has progressively outsourced operational tasks to European criminal networks, reducing the requirement for IRGC officers to maintain direct in-country presence while creating deniability layers that complicate both attribution and prosecution. This shift has expanded the network's operational footprint while reducing its visible intelligence signature.

IRGC recruitment has increasingly migrated to social media platforms, allowing operational tasking — including surveillance and direct action assignments — without face-to-face contact. This digital recruitment model has dramatically expanded the recruitable pool beyond the Iranian diaspora to include individuals with no prior connection to Iranian intelligence, further complicating interdiction by European security services. The targeting set now encompasses Israeli diplomatic facilities, Jewish community infrastructure, US government personnel, and commercial targets assessed as Israeli-linked.

Analysis and Assessment

The timing of this intelligence disclosure warrants close examination. Counterintelligence operations of the granularity required to identify a specific IRGC officer by name and alias — and map his recruitment and tasking methodology — typically require sustained penetration of IRGC communications or command structures. Available reporting indicates the decapitation of IRGC Intelligence leadership created the intelligence access that enabled this mapping: Khademi's elimination is assessed with moderate confidence to have disrupted communications security and operational compartmentalisation within the network, exposing Mohammadi and the cell structure to collection that was previously blocked.

The decision to publish the identification rather than act on it covertly suggests either that the operational phase of the counter-intelligence response has already concluded — the network sufficiently rolled up to make disclosure safe — or that Western services have assessed that public pressure on the IRGC's external operations is a more effective deterrent than continued covert action alone.

The network's outsourcing to criminal proxies creates a persistent detection problem for European services. Attacks executed through criminal intermediaries carry signatures indistinguishable from organised crime until post-incident forensic and intelligence work identifies the commissioning layer. This is a deliberate architectural feature, not an operational limitation — Iran has optimised specifically for the friction it creates in European attribution and legal processes.