🇮🇶 IQ

Asaib Ahl al-Haq

Also known asAsaib Ahl al-Haq

Asaib Ahl al-Haq is an Iraqi pro-Iranian Shia militia reported in the provided content to maintain close ties with the Quds Force of Iran’s Islamic Revolutionary Guard Corps (IRGC). In the cited investigation, a Telegram channel affiliated with Asaib Ahl al-Haq first published Harakat Ashab al-Yamin al-Islamia (HAYI)’s claim of responsibility for the 9 March improvised explosive device attack in front of a synagogue in Liège, Belgium. The content also states that a 7 March encrypted message on an Asaib Ahl al-Haq Telegram channel granted permission to “all silent cells” to take action and was later referenced in messaging about the Liège attack. More broadly, Asaib Ahl al-Haq-linked channels were part of a pro-Iranian dissemination ecosystem that rapidly amplified HAYI claim videos and incident reporting related to attacks targeting Jewish and Israeli-linked sites in Belgium, the Netherlands, and the United Kingdom. The material does not attribute direct operational responsibility for those attacks to Asaib Ahl al-Haq, but it does place the group within an IRGC-aligned information and proxy network connected to messaging around those incidents. Known alias in the provided content: asaib_ahl_al_haq.

Are they targeting you?

Know when an actor pivots toward your sector

Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.

Start free trial

OPERATIONAL PROFILE

Targeting

Who, where, and (when attributed) which flag flies behind the operation. Pulled from open-source reporting and Mallory's analyst review.

Where they're from

Attributed origin per open-source reporting.

MITRE ATT&CK

Tradecraft

1 distinct technique observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.

1 of 15 tactics2 techniques×N= number of intelligence reports citing this technique

MITRE ATT&CK

TA0043

Reconnaissance

1 technique

T1593

Search Open Websites/Domains

T1593.001

Social Media

ACTIVITY FEED

Recent activity

1 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

1 SOURCESView more in app

icctNews

Mar 23, 2026

Hybrid Threat Signals: Assessing Possible Iranian Involvement in Recent Attacks in Europe | International Centre for Counter-Terrorism - ICCT

An Iraqi pro-Iranian Shia militia whose affiliated Telegram channel was used to disseminate HAYI claim material; described as closely tied to the IRGC Quds Force and part of the pro-Iranian ecosystem amplifying the attack campaign.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: sector and geo overlap with your footprint, the IOCs they’re burning right now, detection coverage, and what to do next.

Start free trial

Target overlap

Match sector + geo + tech-stack targeting against your real footprint.

Tradecraft mapping1

Every observed MITRE ATT&CK technique, grouped by tactic.

Malware arsenal

Families this actor is known to deploy, with IOCs and behavior.

Exploited CVEs

CVEs this actor has used in known campaigns.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Observables

Domains, IPs, and hashes tied to this actor, refreshed continuously.