Harakat Ashab al-Yamin al-Islamia

Harakat Ashab al-Yamin al-Islamia (HAYI), also referred to as Ashab al-Yamin, is a previously unknown group that emerged in 2026 claiming responsibility for a series of low-casualty attacks across Europe, primarily against Jewish, Israeli-, American-, and Zionist-linked targets. Claimed incidents mentioned in the content include the 9 March firebomb or IED attack on a synagogue in Liège, a 13 March synagogue attack in Rotterdam, a 14 March attack on a Jewish school in Amsterdam, a 16 March attack on a commercial centre or the World Trade Center in Amsterdam, a 23 March attack in the United Kingdom involving ambulances associated with a Jewish community organization, and an April 2026 claim targeting a building associated with Christians for Israel in Nijkerk, Netherlands. The content also notes additional claims relating to Greece, France, and Haarlem, but assesses some of those as likely disinformation or unsupported by public evidence. Its observable presence was concentrated on Telegram, where it published or redistributed attack claims, propaganda, and geopolitical commentary. The group’s Telegram footprint was fragmented and unstable, with limited persistent content, heavy reliance on secondary or supporter channels for redistribution, and apparent removal of its primary Telegram channel by early April 2026. Secondary channels such as Safee al-Deen continued circulating material attributed to the group. Claim videos and posts were disseminated through Telegram and X channels linked to pro-Iranian networks, including channels associated with Iraqi Shia militias. The content specifically notes early dissemination through channels assessed as affiliated with Liwa Zulfiqar and Asaib Ahl al-Haq. HAYI messaging was primarily in Arabic, and the alleged official channels and branding reportedly contained inconsistencies, including misspellings and logo errors. Multiple sources in the content assess that HAYI may not be a mature, centralized militant organization. Instead, it is described as possibly functioning as a front identity, façade, or loosely coordinated media construct used to claim attacks carried out by locally recruited or externally recruited individuals. The Foundation for Defense of Democracies assessed that it may function less as a centralized organization and more as a front identity. The content highlights inconsistent media quality, lack of formal statements or leadership messaging, and dependence on redistribution through a broader Telegram ecosystem. The strongest reported indicators of Iranian alignment come from the group’s digital footprint and dissemination patterns. The International Centre for Counter-Terrorism (ICCT) assessed that the modus operandi and especially the online dissemination of HAYI claim messages were the main indicators of a link to Iran’s Islamic Revolutionary Guard Corps (IRGC). The content repeatedly places HAYI within a broader Iranian-aligned or IRGC-aligned Telegram ecosystem and notes overlap with channels tied to the so-called Islamic Resistance environment. Video content reposted by HAYI reportedly contained Sabereen News branding; Sabereen News is described in the content as a Telegram-based media outlet widely associated with Iranian-aligned networks and assessed by cited sources as showing strong indicators of links to the IRGC-Quds Force. The content also notes that HAYI claims and narratives were amplified through channels associated with Iraqi pro-Iranian militias. Operationally, the attacks described in the content were typically nighttime or early-morning incidents causing limited damage and intended more for intimidation and confusion than mass casualties. The ICCT characterized this pattern as consistent with Iranian hybrid warfare. The content further states that attackers were likely recruited locally, including youths on the margins of criminal gangs, and that this use of disposable local actors fits the broader pattern discussed in the reporting. Known alias: Ashab al-Yamin. Abbreviation used in the content: HAYI.