Intelligence Brief: Iran-Backed Terror Cell Targeted Synagogues in New York, Los Angeles, and Scottsdale
Iran's IRGC-directed terror network planned to firebomb Jewish targets in three U.S. cities, and the enemy's stated criterion of support for Israel is the part church security teams need to understand
BLUF
Federal authorities have interrupted one operation inside a continuing IRGC-directed terror campaign that planned to firebomb a Manhattan synagogue and Jewish centers in Los Angeles and Scottsdale, Arizona. One commander is in custody. The network, its infrastructure, and its standing intent are not. Your church is not a named target in this case, but the enemy’s stated selection logic and operating method are the parts your team needs to understand this week.
Key Judgments
Highly Likely: This plot was one operation in a continuing state-sponsored campaign directed by Kata’ib Hizballah and the IRGC through the front group Harakat Ashab al-Yamin al-Islamiya, and the arrest of the principal does not end it.
Highly Likely: The IRGC infrastructure behind this campaign remains intact and operational overseas, with roughly twenty attacks and attempted attacks across Europe and Canada since early March 2026 and an established model of paying criminal third parties to execute.
Highly Likely: The enemy’s stated selection criterion in this case was support for Israel. Each U.S. target was described in the complaint as a supporter of Zionism, not merely as a Jewish building.
Likely: The IRGC’s broader doctrine of striking Zionist interests globally can, by the assessment of counterterrorism analysts, expand past Jewish community targets to include religious and political organizations that actively fund or lobby for Israel, which would place Christian Zionist organizations inside that definition.
Likely: Inspired and copycat actors not under direct IRGC control will continue to act within this environment, and these are the hardest cases for law enforcement to interdict in advance.
Possible: Associates named in the complaint remain at large and retain some capability to act inside the United States.
What Happened
On Friday, May 15, 2026, the Department of Justice unsealed a complaint in the Southern District of New York charging Mohammad Baqer Saad Dawood Al-Saadi, 32, an Iraqi national, with six terrorism-related counts. Prosecutors identify Al-Saadi as a senior member and commander of Kata’ib Hizballah, a U.S.-designated foreign terrorist organization, with ties to Iran’s Islamic Revolutionary Guard Corps, and allege his involvement in nearly twenty attacks and attempted attacks throughout Europe and the United States. The European campaign involved arson, explosive devices, and chemicals against Jewish schools, synagogues, and charities, with responsibility for many attacks claimed by Harakat Ashab al-Yamin al-Islamiya, a front group for the IRGC that outsourced the acts to local criminals to preserve deniability. When Al-Saadi sent an undercover officer the locations of the Manhattan synagogue and the Jewish institutions in Los Angeles and Scottsdale, he attached Arabic-language documents describing each congregation as a staunch supporter of Zionism outside Israel and a beacon for solidarity and support to Israel and its Zionist objectives. He provided photos and maps of each site, asked whether the targets should be hit with an improvised explosive device or set on fire, agreed on a price of $10,000 in cryptocurrency, and sent a $3,000 down payment with a demand that the attack occur on April 6. He was apprehended in Turkey and transferred into FBI custody. The NYPD said it worked with the targeted synagogue’s leadership to ensure its security when the threat was elevated; the synagogue has not been publicly identified, and Al-Saadi was ordered detained pending trial with a next court date of May 29. (U.S. Department of Justice)
Threat Pattern Analysis
The fact that should hold your attention is not the arrest. It is the campaign the arrest did not stop. One international security analyst stated the point directly: although the plot in the United States was stopped, the infrastructure the IRGC has created remains intact. This is a state-aligned proxy operation with a consistent signature, and that signature is what church security leaders should study. (NBC News)
The selection logic is the first element. The enemy did not choose these sites because they were Jewish buildings in the abstract. The complaint’s own attached documents framed each target by its support for Israel. That distinction reaches further than the synagogue door. The IRGC and its online proxies routinely threaten to strike Zionist interests globally, and counterterrorism analysts note that this loose definition can expand past Jewish community targets to include religious and political organizations that actively fund or lobby for Israel. A church with a public Israel-support footprint fits that expanded definition on its own terms, not by speculation.
The execution model is the second element. The work was outsourced to criminal third parties with no prior ideological footprint. A hired arsonist does not behave like a radicalized congregant. He produces almost none of the behavioral indicators that traditional threat assessment relies on, because his motive is payment, not belief. The third element is method and timing. The plan against the U.S. targets was simultaneous arson across three cities. Simultaneity splits law enforcement attention, overwhelms regional response, and maximizes propaganda value. Taken together, an intact sponsor, a broad selection criterion, paid execution, and a multi-site arson preference, this is a repeatable model, and it does not depend on the man now in custody.
What Your Team Should Know
The direct targets in this case were Jewish institutions, so the synagogues and Jewish centers in your area carry the highest near-term risk profile right now. Senior security professionals have described the current period as the most elevated and complex threat environment the Jewish community and the country have faced in modern history, driven in part by IRGC sleeper-cell activity across the West and by inspired actors who give law enforcement little advance warning. If you have a working relationship with the security leadership at a nearby synagogue or Jewish center, this is the week to confirm it. Shared situational awareness across religious institutions in the same area is one of the few defenses that scales against a simultaneous multi-site model.
For your own congregation, the honest read depends on your footprint. A church that publicly raises money for Israel, runs an active Israel advocacy or lobbying ministry, displays Israeli colors prominently, or shares a campus or close proximity with a synagogue fits the enemy’s stated selection logic as analysts assess it can be applied. Those congregations should treat their near-term exposure as real and rising, not remote. A congregation with no public Israel-support footprint and no Jewish institution nearby carries materially lower exposure this week. Both are true at the same time, and your team should know which one describes your church before you set your posture.
The outsourced-attacker problem changes how you watch. You are not necessarily looking for an angry man with a manifesto. You may be looking at a paid stranger conducting a single reconnaissance pass, or arriving once after hours to place an incendiary device against an exterior wall. That shifts the emphasis toward physical-site hardening and hostile surveillance detection, and away from behavioral profiling alone. Arson was the chosen method here. Walk your perimeter with that specific threat in mind.
Threat Indicators
Persons photographing or filming entrances, cameras, utility connections, or the building exterior, or appearing to measure or sketch the layout
Repeated drive-bys, or a parked vehicle with occupants observing the property over time
Strangers asking unusual questions about service times, attendance, security staffing, or building access
Containers, accelerant odor, or tampering with exterior gas or utility connections, particularly found during opening checks
Online threats or posts referencing Israel, Zionism, retaliation for the conflict with Iran, or Soleimani, directed at your church or at religious institutions in your area
Coordinated or near-simultaneous suspicious activity reported at synagogues or Jewish centers near your campus
Recommended Actions
Church security teams should increase exterior patrols and after-hours checks this month, with specific attention to incendiary pre-staging at ground level and against exterior walls.
Church security teams should physically inspect fire detection and suppression coverage, exterior ignition vulnerabilities, and combustible storage placement, and correct what they can this week.
Church security teams should establish or refresh a direct contact with the security leadership of nearby synagogues and Jewish centers, and with their local law enforcement, FBI Joint Terrorism Task Force, or regional fusion center.
Church security teams that lead or host public Israel-support activity should assess that footprint honestly against the enemy’s stated selection criterion and brief leadership on what it means for posture.
Church security teams should brief greeters, parking, and door teams on hostile surveillance recognition, and give them a simple, low-friction way to report it without confronting anyone.
Church security teams should route observed suspicious activity into a reviewed reporting channel, including the national CWT reporting platform at alert.christianwarriortraining.com when a local channel is not available.
Church security teams should review their contingency for a simultaneous or secondary incident and avoid a plan that commits every resource to the first event.
Church security teams should confirm camera coverage of all exterior approaches and verify recording retention before, not after, an incident.
Threat Assessment
For the church security community, the present threat level is ELEVATED (YELLOW), and it should be held there with discipline rather than relaxed because an arrest was made.
The reasoning runs in one direction and then the other. The principal in this operation is in U.S. custody, which removes one commander and one specific plot. That fact alone would argue for a lower posture. It is outweighed by what remains. It is Highly Likely that the parent network continues to operate, given its sustained tempo across Europe and Canada and the analytic judgment that its infrastructure is intact. It is Highly Likely that the enemy’s targeting criterion is support for Israel rather than the narrow category of Jewish buildings. It is Likely that this criterion, under the IRGC’s stated doctrine of striking Zionist interests globally, can extend to religious organizations that actively fund or lobby for Israel. It is Possible that named associates remain at large with some capability inside the United States.
Applied to Christian congregations, direct targeting by this network is currently Unlikely for the majority of churches, and that is why the posture is YELLOW and not higher. The value of this brief is not a warning that your church is next. It is pattern recognition and an honest read of your own footprint. A congregation with a public Israel-support mission, or one sharing close proximity with a synagogue, sits closer to the enemy’s stated logic than a congregation without that footprint, and should weight its watch and its hardening accordingly. The correct posture for the community is heightened awareness and physical hardening this month, a deliberate strengthening of the relationships that let religious institutions in the same area see a coordinated threat forming, and a clear set of conditions that would move the posture up. Those conditions are an associate of this network assessed inside the United States, any U.S. religious site attacked using the arson-plus-outsourced-attacker signature, any IRGC or HAYI communication that explicitly names Christian or church targets, or coordinated suspicious activity at multiple religious sites in one region within a short window. Written down in advance, the next decision is mechanical, not emotional.
Biblical Lens
“And we prayed to our God and set a guard as a protection against them day and night.” — Nehemiah 4:9 · ESV
“The prudent sees danger and hides himself, but the simple go on and suffer for it.” — Proverbs 22:3 · ESV
Nehemiah did not choose between prayer and a guard. He did both, in the same breath, and he kept the watch posted around the clock because the threat was real and it was not going away. Proverbs 22:3 draws the line between the team that reads a warning and changes something and the team that reads it and does nothing. You have the warning. Prudence is what you do with it this week.
Take a few minutes after your next team meeting to walk your building with this case in mind and to assess your congregation’s footprint honestly. Then share this brief with your pastor and your team leader, and leave a comment with what your team is changing as a result. Watch and pray.

Thanks for all the work you do putting together valuable Intel for Americans responsible for church and synagogue security and any other potential targets.
"They will put you out of the synagogues; in fact, the time is coming when anyone who kills you will think he is offering a service to God."