Foreign Operative Sent Deadly Instructions Through Encrypted Apps; Probe Links Similar DIY Attacks
New Delhi, November 22, 2025 — Security agencies investigating the Red Fort blast have uncovered chilling evidence. A foreign handler sent 42 bomb-making videos to an arrested doctor through encrypted apps. This revelation exposes a sophisticated terror network that orchestrated one of Delhi’s deadliest attacks.
Officials confirm the handler, operating under the alias “Hanzullah,” transmitted detailed explosive-making tutorials to Dr. Muzammil Ahmad Ganai. The 35-year-old physician from Faridabad’s Al Falah Medical College received these deadly instructions before authorities arrested him. Moreover, investigators recovered over 2,500 kilograms of explosive material from his residence, including 350 kilograms of ammonium nitrate.
The Red Fort blast bomb-making videos represent a dangerous trend in modern terrorism. Foreign operatives now guide educated professionals remotely to execute devastating attacks. Additionally, probe agencies examine whether these handlers orchestrated similar do-it-yourself bombings across India in recent years.
Digital Terror Network Exposed
The investigation reveals three suspected foreign handlers coordinating the Red Fort blast module. Operating through pseudonyms “Hanzullah,” “Nisar,” and “Ukasa,” these individuals guided doctors in assembling explosives. Furthermore, they pushed the module toward executing a suicide attack that claimed 15 innocent lives.
“Hanzullah” maintained regular contact with Dr. Ganai through encrypted messaging platforms. These communications included step-by-step instructions for bomb assembly using everyday materials. Consequently, the Red Fort blast bomb-making videos became the blueprint for the devastating November 10 attack.
Dr. Ganai worked closely with Dr. Umar Un Nabi, who ultimately carried out the suicide bombing. The 36-year-old physician drove a Hyundai i20 packed with improvised explosive devices near the iconic monument. The blast occurred around 6:50 PM, transforming a bustling evening into a nightmare for dozens of families.
Turkey-Based Handler Under Scanner
Investigators trace one handler, “Ukasa,” to Ankara, Turkey. This connection raises serious questions about international terror coordination. Similarly, Mohammed Shahid Faisal emerges as a person of interest in the case. Known by aliases “Colonel,” “Laptop Bhai,” and “Bhai,” Faisal allegedly coordinated multiple terror modules since 2020.
Security sources believe Faisal fled to Pakistan after a 2012 terror plot exposure in Bengaluru. Subsequently, he relocated to the Syria-Turkey border region. The National Investigation Agency named him an absconding accused in the Rameshwaram Cafe blast investigation.
Remarkably, the Red Fort blast mirrors previous attacks in southern India. The Coimbatore suicide car blast killed 28-year-old Jamesha Mubin in October 2022. Investigators discovered potassium nitrate, red phosphorus, and PETN powder at properties linked to Mubin. These materials matched the substances described in the Red Fort blast bomb-making videos.
Encrypted Apps Facilitated Terror Planning
“The right for privacy is more important than our fear of bad things happening, like terrorism.” — Pavel Durov, Telegram Founder
The terror module exploited encrypted messaging applications for coordination. Signal, Session, Telegram, and Threema enabled handlers to share sensitive content undetected. Unlike conventional platforms, Session requires no phone number for registration. It stores no metadata, making user tracing virtually impossible.
Dr. Ganai reportedly communicated with handlers through these secure channels. Initial exchanges occurred on Telegram before switching to Session for greater secrecy. The Red Fort blast bomb-making videos traveled through these digital pathways, evading law enforcement surveillance.
Threema, a Swiss encrypted app, played a crucial role in coordination. The three arrested doctors—Dr. Umar Un Nabi, Dr. Muzammil Ahmad Ganai, and Dr. Shaheen Saeed—used this platform extensively. They allegedly created a private server for sharing documents, maps, and task allocations.
White-Collar Terror Module Unmasked
The investigation exposed a sophisticated network of educated professionals turned terrorists. Dr. Shaheen Saeed, a Lucknow-based physician, headed efforts to establish Jaish-e-Mohammed’s women wing in India. She recruited doctors and medical students, particularly from Jammu and Kashmir.
Authorities recovered an AK-47 rifle from Dr. Shaheen’s vehicle during her arrest. She maintained contact with Sadia Azhar, sister of Jaish-e-Mohammed founder Masood Azhar. Furthermore, she used code names “Madam Surgeon,” “Madame X,” and “Madame Zed” to communicate with associates.
Dr. Adeel Ahmed Rather and Mufti Irfan Ahmad Wagay also faced arrest for their roles. The module planned coordinated explosions across six cities on December 6. This date marks the anniversary of the Babri Masjid demolition, revealing the group’s ideological motivations.
Pattern of DIY Terror Attacks
Security agencies identify disturbing similarities across multiple incidents. Modules in Tamil Nadu, Karnataka, Delhi, Padgah, and Pune followed identical patterns. Online radicalization, remote handlers, DIY explosive assembly, and encrypted communications connected these groups.
Notably, none of these modules maintained physical contact with each other. However, they received guidance from common handlers operating abroad. The Red Fort blast bomb-making videos resembled content shared with other terror cells.
Mohammed Shariq, a 26-year-old college dropout, suffered injuries in a premature Mangaluru blast in November 2022. His module allegedly tested improvised explosive devices in remote locations using handler-provided instructions. Similarly, the Rameshwaram Cafe blast in March 2024 demonstrated this coordinated approach.
The National Investigation Agency arrested Mussavir Hussain Shazib and Abdul Matheen Taha for the Rameshwaram Cafe attack. Investigations revealed Faisal sent dozens of bomb-making videos and thousands of rupees through cryptocurrency to Taha.
Al Falah University’s Dark Connections
The Faridabad institution emerged as the epicenter of terror planning. Four doctors worked at Al Falah University without mandatory no-objection certificates from state medical councils. This major lapse allowed them to operate undetected for months or years.
Dr. Umar Un Nabi joined Al Falah despite termination from GMC Anantnag following a patient’s death. His hiring raised serious questions about the university’s verification processes. The institution’s membership has been revoked by the Association of Indian Universities.
Furthermore, investigators discovered that Mirza Shadab Baig, wanted for 2008 Indian Mujahideen explosions, was a former Al Falah student. This revelation indicates long-standing terror connections at the institution.
Chilling Video Evidence
A recovered video shows Dr. Umar Un Nabi calmly discussing suicide bombing concepts. He argues that what people call suicide bombing is actually a “martyrdom operation” in Islamic terminology. The undated footage reveals his attempt to justify and rationalize the deadly attack.
“One of the biggest misunderstandings is what people label as suicide bombing,” Dr. Umar states in the video. This propaganda material demonstrates the depth of his radicalization and commitment to the terror ideology.
Forensic teams extracted the video from a damaged mobile phone recovered near his Pulwama home. Dr. Umar had instructed his brother to dispose of the device if he “ever heard news” about him.
Investigation Continues
The National Investigation Agency leads the expanded probe across multiple states. Six arrests have been made so far, with interrogations continuing to unravel the complete conspiracy. Authorities question Islamic State-linked suspects imprisoned in Karnataka and Tamil Nadu to identify handler connections.
Investigators examine whether the Red Fort blast bomb-making videos match content shared with other terror modules. They analyze digital footprints, cross-reference identities, and establish the full communication chain. This comprehensive approach aims to dismantle the entire network.
Special Investigation Teams compile reports on funding sources and explosive supply chains. They investigate how residents from neighboring villages might have been involved. Additionally, authorities track cryptocurrency transactions and international money transfers.
Security Implications
The case highlights modern terrorism’s evolving nature. Educated professionals now use encrypted technology and remote guidance to execute sophisticated attacks. The Red Fort blast bomb-making videos exemplify how digital platforms enable transnational terror coordination.
Security experts emphasize the need for enhanced monitoring of encrypted applications. However, balancing privacy rights with security requirements remains challenging. Intelligence agencies advocate for tech diplomacy with countries hosting encrypted-app servers.
The five-phase terror plan discovered during interrogations reveals meticulous preparation. Module formation, raw material procurement, IED manufacturing, reconnaissance, and synchronized execution demonstrated professional coordination. This systematic approach distinguishes modern terror cells from traditional militant groups.






