X-twitter Youtube

Intelligence Command Center // Terror group profile //

Islamic State – Khorasan Province (ISKP)

Islamic State

area of operation

Indian Subcontinent, Central Asia

Specific AOR

Nangarhar, Kunar, Kabul, and Tajikistan border

Volatility Index

VI-5 – Critical

Ideological Alignment

Salafi-Jihadism (Global Jihad)

force strength

4,000-6,000

Leadership

Sanaullah Ghafari (Shahab al-Muhajir)

Headquarters

Kunar // Nangarhar

SIGNATURES //

TECHNICAL PROFILE
Tier 2 - High-Tier / Professionalized
OPERATIONAL SIGNATURE
Asymmetric / Terror-Focused
SPATIAL PROFILE
Urban / Sleeper-Cell Integration

Operational Brief //

A highly lethal, globally focused non-state network that has successfully transitioned from a territory-holding militia into a decentralized, transcontinental external operations (ExOps) syndicate. Despite facing aggressive, high-tempo counter-terrorism clampdowns and intelligence-driven extraction campaigns by the de facto Afghan authorities (IEA), ISKP has preserved its operational core. Operating under the strategic direction of Sanaullah Ghafari (alias Shahab al-Muhajir), the group has capitalized on the escalating border instabilities along the Pakistan-Afghanistan border to carve out critical security vacuums.

Leadership & Command Structure

  • Command Element: Operating under a highly insulated, compartmentalized regional shura that answers structurally to the broader ISKP core command leadership based in the region. Following targeted counter-terrorism operations, leadership has shifted away from high-profile figures toward specialized operational networks led by veteran urban operatives.
  • Leadership Doctrine: Strict horizontal cell management combined with decentralized tactical execution. The group relies on autonomous, self-activating urban cells and localized networks to survive intensive state-level intelligence pressure.
  • Regional Management: Managed through specialized provincial sectors (primarily focused on Balochistan, Khyber Pakhtunkhwa, and urban centers in Sindh and Punjab). The command element maintains strict, encrypted digital communications to synchronize operations without exposing the central leadership core.

Regional Center-of-Gravity (Current Focus)

  • Primary Growth Theater: The Afghanistan-Pakistan border regions and the rugged, non-demarcated border frontiers of Balochistan and Khyber Pakhtunkhwa. The group exploits the security vacuums along the Pakistan-Afghanistan border to establish hidden staging facilities and run cross-border movement corridors.
  • Operational Hub: The urban fringes and clandestine safe houses of Quetta, Peshawar, and Karachi. These highly populated urban and semi-urban centers are utilized for low-profile recruitment, bomb assembly, financial processing, and target surveillance.
  • Secondary/Support Theaters: Digital propaganda networks and virtual safe spaces utilized to target educated, middle-class youth in urban capitals, alongside remote logistical fallback tracks crossing the interior desert corridors of Balochistan.

Intelligence Behavioral Matrix (TRAP-18/VERA-2R)

  • High-Risk Indicators: Masterful implementation of the “Sectarian Out-bidding” model,executing highly lethal attacks to challenge the operational dominance of rival groups; rapid acquisition of advanced explosive components; and a calculated focus on recruiting technically proficient operatives to launch cyber-kinetic or complex urban plots.
  • Volatility Index: High. The entity exhibits an aggressive, high-yield kinetic profile, prioritizing mass-casualty sectarian bombings, suicide operations against political rallies, and targeted assassinations of state personnel and religious scholars.

Disruption Vector Matrix //

vector //

vulnerability //

disruption strategy //

logistics //

Complete dependence on porous transit tracks along the Pakistan-Afghanistan border and vulnerable urban safe houses to move operatives and explosive precursors.

Integrated Border Denial & Urban Sweeps: Expand real-time biometric tracking at border interfaces, reinforce intelligence-led raids on municipal fringes, and deploy persistent technical surveillance over cross-border corridors.

financial //

High reliance on decentralized digital asset streams (cryptocurrency routing), informal hawala networks, and small-scale local extortion pipelines.

Algorithmic Asset Tracking: Deploy advanced financial intelligence and blockchain analytics to trace digital wallet addresses, monitor informal currency exchanges, and freeze proxy accounts laundering capital.

leadership //

Vulnerability to extreme counter-intelligence pressure, structural isolation from the global core, and intense operational friction with both state forces and rival insurgent networks.

Information Operations & SIGINT Exploitation: Maximize signal intelligence (SIGINT) to intercept and compromise encrypted command links, while running aggressive counter-narrative campaigns to amplify internal strategic rifts and trigger localized defections.

Threat Matrix //

OPERATIONAL REACH: 5 – Critical (Transnational/Multi-Theater)
KINETIC CAPABILITY: 4 – High (Advanced SALW/Thermal Optics/Coordinated Ambushes)
LOGISTICAL RESILIENCE: 4 – High (Sustained Cross-Border Safe Havens/Diversified Revenue)
INFORMATION INFLUENCE: 5 – Critical (Global Information Operations/Dominant Strategic Narrative)

OVERALL THREAT INDEX
4.50

operational reach //

Transnational/Global. ISKP possesses the most advanced, active external operations (ExOps) planning matrix among contemporary jihadist entities. Moving completely beyond localized footholds, its kinetic and facilitation networks span Central Asia, Turkey, Russia, Iran, and Western Europe. Its regional theater expands dynamically through a calculated, permanent push into Pakistan’s Balochistan corridor, designed to systematically exploit security gaps created by state focus on ethnonationalist insurgencies.

kinetic capability //

Advanced Asymmetric. While the group rarely fields conventional massed formations due to continuous IEA ground pressure, its asymmetric lethality remains high. ISKP specializes in high-impact urban spectaculars, sectarian suicide campaigns, and targeted assassinations of senior state figures. This was demonstrated via the early 2026 targeted attacks on Chinese commercial and mining installations in Kabul’s heavily fortified Shahr-e-Naw district, alongside devastating multi-casualty suicide bombings in Bajaur and mainland regional hubs.

logistical resilience //

Structured to Self-Sustaining. Operating via a highly resilient, modular network of autonomous, decentralized clandestine cells, the organization is structured to survive intense leadership decapitation. Financially, ISKP is highly secure, utilizing sophisticated, multi-layered cryptocurrency networks, illicit informal value transfer systems (hawala), and a global fundraising architecture centered in transit hubs across Turkey and the South Caucasus that remains largely insulated from localized physical asset seizures.

information influence //

Strategic Narrative Dominance. Through its primary multilingual media factory, the Al-Azaim Foundation, and its flagship English-language publication Voice of Khurasan, ISKP commands the digital radicalization ecosystem. Its propaganda is aggressively tailored to specific ethnic minorities (Tajiks, Uzbeks, Baloch) across Eurasia—framing the IEA as a corrupt, nationalist puppet of Beijing and Moscow. This sophisticated media machinery actively weaponizes regional security crackdowns to mobilize and recruit disenfranchised migrant workforces worldwide.

analytical note //

ISKP presents a complex threat profile defined by “strategic patience.” By deliberately shifting its posture from holding territory to functioning as a transnational network, the group has successfully out-navigated traditional counter-insurgency doctrines. The outbreak of open border conflicts between regional states provides ISKP with the exact structural vacuum required to expand its footprint, reposition tactical assets, and orchestrate transcontinental operations under the radar of strained state intelligence services.

Kinetic and Multi-domain capabilities //

Primary adversary//

IEA (Taliban), Iran, United States, Russia

weaponry focus

Ak 74
Svest Pbied
Ieds Efp
Sniper Special

Geopolitical and Logistics //

financial vectors

Extortion
Crypto
Is Funding
Local Funding

RESTRICTED: STRATEGIC DISRUPTION //

Urban attrition and sectarian provocation

affiliated entities //

Division / Zone Sub-Unit / Waliyat Commander / Minister Intelligence Focus
Division / Zone Sub-Unit / Waliyat Commander / Lead Intelligence Focus
Supreme Leadership Shura Advisory Council Shahab al-Muhajir (Emir) Global Caliphate Ideology & Urban Shift
Northern Command Jowzjan / Faryab Mawlavi Habib ur Rehman Successor to Qari Hekmat; Northern Recruitment
Eastern Command Nangarhar / Kunar Maulawi Rajab Traditional Operational Base & Border Transit
Central / Urban Kabul Logistics Ismatullah Khalozai Urban Warfare Operations & Foreign Infiltration
Media / Propaganda Mu'assisat al-Azaim Sultan Aziz Azzam Official Media & Regional Narrative
Media / Propaganda Khorasan Voice Sultan Aziz Azzam Main Media & Magazine Production
Media / Propaganda Khalifat Radio Dr. Abid ur-Rahman Regional Broadcast (Nangarhar/Mohmand)
Media / Propaganda al-Hadid Media Sultan Aziz Azzam
Media / Propaganda al-Mubarizun Media Abu Nu'man al-Kandahari (aka Julaibib)
Media / Propaganda Ghazwa Agency Abu Pashyi Irhabi
Media / Propaganda Haqiqat Media Farmanullah Kandahari (aka Abu Yaazid al-Khurasani)
Media / Propaganda al-Mu'min Media Abu Hamza al-Bajauri
Intelligence Amniyat (Security) Maulawi Habib ur Rehman Counter-intelligence against GDI & TTP
Financial Node Central Hawala Network Decentralized Cryptocurrency & Illicit Trade Management
Tactical Ops Inhimashi Cells Sultan Aziz Azzam (Legacy) High-Yield Suicide Operations (PBIED/VBIED)
CYBER & TECHNICAL ASSESSMENT //

I. CRYPTO-FINANCIAL LOGISTICS: ISKP utilizes decentralized finance (DeFi) and privacy-focused cryptocurrencies (e.g., Monero) to bypass international banking sanctions. These digital assets are moved through tumblers and “nested” exchanges to fund regional kinetic operations and facilitate the travel of foreign terrorist fighters (FTFs).

II. MULTI-LINGUAL DIGITAL RECRUITMENT (VOICE OF KHORASAN): Deploys automated bot-networks and high-fidelity digital media cells to disseminate multilingual propaganda across encrypted channels (Telegram/RocketChat). Their technical cells specialize in counter-censorship, frequently deploying mirror sites and IP-rotation to maintain presence.

III. DECENTRALIZED C2 (COMMAND & CONTROL): Employs “blind-drop” digital communication TTPs where nodes remain compartmentalized. By utilizing end-to-end encrypted platforms with self-destructing metadata, ISKP maintains an operational security (OPSEC) standard designed to withstand state-level signal intelligence (SIGINT) penetration.

[← RETURN TO GLOBAL TERROR GLOSSARY]