tags: [actor_profile, intelligence] last_updated: 2026-03-21 # IRGC Intelligence Organization ## Executive Profile (BLUF) The [[IRGC Intelligence Organization]] (IRGC-IO, or SAS) is [[Iran]]'s preeminent and most deeply entrenched intelligence and internal security apparatus. Formed in 2009 to consolidate domestic control, it operates independently of the civilian [[Ministry of Intelligence]] (MOIS) and reports directly to the Supreme Leader. Tasked with absolute regime preservation, counterespionage, and the systematic neutralization of internal and external opposition, the IRGC-IO functions as the regime's primary survival mechanism. Amidst the existential pressures of the early 2026 [[Operation Epic Fury]] and [[Operation Roaring Lion]] kinetic campaigns, the organization has adopted an acute wartime posture, focusing on securing the rapid succession of leadership, maintaining domestic compliance during high-risk periods, and projecting asymmetric cyber power against adversaries. ## Grand Strategy & Strategic Objectives The IRGC-IO's grand strategy is centered on "coup-proofing" the Islamic Republic, preempting domestic subversion, and completely eradicating foreign intelligence infiltration within Iran's political, nuclear, and military echelons. Regionally and globally, it seeks to map adversary critical infrastructure, surveil exiled dissidents, and utilize psychological warfare to alter adversary decision-making. In the current March 2026 operational environment, its immediate strategic imperatives are ensuring internal stability for Supreme Leader [[Mojtaba Khamenei]], reconstructing operational command-and-control networks degraded by recent airstrikes, and deploying its advanced cyber proxies to conduct disruptive, deniable retaliation against the [[United States]] and [[Israel]]. ## Capabilities & Power Projection **Kinetic/Military:** While primarily an intelligence organ, the IRGC-IO commands specialized tactical and counter-terrorism units that work in tandem with the [[Basij]] to execute lethal domestic security operations. It possesses a global extraterritorial reach through highly compartmentalized units—such as Unit 4000 (Special Operations) and Unit 1500 (Counterespionage)—which coordinate targeted assassinations, kidnappings, and surveillance of high-value dissidents across the [[Middle East]], Europe, and the Americas. **Intelligence & Cyber:** The organization operates a ubiquitous human intelligence ([[HUMINT]]) and mass surveillance network within Iran. Crucially, the IRGC-IO is the primary driver of Iran's offensive cyber capabilities, directing elite Advanced Persistent Threat (APT) groups such as [[APT42]] (also known as [[Charming Kitten]]) and [[Educated Manticore]]. These clusters specialize in sophisticated spear-phishing, credential harvesting, cloud infrastructure infiltration, and sustained espionage. Following the late February 2026 kinetic strikes, the IRGC-IO's cyber apparatus is focused on rapid infrastructure regeneration, safeguarding surviving assets, and executing destructive pseudo-ransomware attacks. **Cognitive & Information Warfare:** The IRGC-IO orchestrates expansive psychological operations ([[PsyOps]]) to demoralize opposition and control the domestic and international narrative. It actively utilizes state-sponsored cyber units, notably [[Cotton Sandstorm]], to conduct coordinated "hack-and-leak" operations and mass social media manipulation. These campaigns are designed to project regime resilience, amplify internal sociopolitical divides within adversary nations, and mask destructive cyberattacks as the work of independent, grassroots hacktivist collectives. ## Network & Geopolitical Alignment **Primary Allies/Proxies:** * [[Mojtaba Khamenei]] - The Supreme Leader and primary patron of the organization; his hardline consolidation of state power relies fundamentally on the IRGC-IO's security apparatus. * [[Ministry of Intelligence]] (MOIS) - Ostensibly a bureaucratic rival, but increasingly integrated into a joint, synergistic repression and surveillance apparatus under wartime directives. * Pro-Regime Hacktivist Collectives - Surrogate entities (e.g., [[Cyber Fattah]], [[Handala]]) utilized by the IRGC-IO to execute deniable, destructive cyber operations globally. **Primary Adversaries:** * [[Israel]] / [[Mossad]] - The primary intelligence adversary; responsible for a severe campaign of infiltration and the June 2025 airstrike that killed former chief [[Mohammad Kazemi]]. * [[United States]] - The main strategic adversary executing [[Operation Epic Fury]]; targeted by extensive IRGC-IO cyber reconnaissance, infrastructure probing, and election interference campaigns. * Domestic Opposition - The organization's primary, daily operational target, encompassing protest coordinators, ethnic minority insurgents, and exiled opposition groups systematically tracked by the counterespionage directorate. ## Leadership & Internal Structure The IRGC-IO functions as a highly compartmentalized "state within a state," bypassing the conventional armed forces and civilian oversight entirely. Its internal structure is currently undergoing a rigorous period of reorganization and internal vetting following severe intelligence failures and catastrophic leadership losses in 2025 and early 2026. * **Head of the Organization:** Brigadier General [[Majid Khademi]]. Appointed in June 2025 following the assassination of his predecessor, [[Mohammad Kazemi]], in an Israeli airstrike. Formerly the head of the IRGC Counterintelligence Protection Organization, Khademi is a hyper-cautious security veteran tasked with rooting out deep-state infiltration, terminating the "crisis of infiltration," and rebuilding the organization's compromised operational security. * **Internal Dynamics:** The IRGC-IO is currently operating under intense internal paranoia. Following the precise decapitation strikes that eliminated senior regime figures in February and March 2026, Khademi's directorate is aggressively purging suspected informants within the IRGC's own ranks while attempting to rapidly restore its localized intelligence networks ahead of the culturally significant Nowruz period, a historically high-risk window for renewed civilian uprisings.