New Delhi (Rajeev Sharma): New findings from the investigation into the Red Fort blast have exposed an elaborate web of foreign handlers and encrypted digital communications that investigators say guided the terror module from abroad. The revelations point to extensive online radicalisation and a supply chain for explosives that stretched far beyond Delhi–NCR.
Officials probing the case said one of the arrested suspects, Dr. Muzammil Ahmad Ganai, had been in regular contact with at least three handlers using aliases such as “Hanzullah,” “Nisar,” and “Ukasa.” Through secure messaging apps, these individuals allegedly transmitted detailed instructions on assembling improvised explosive devices.
Investigators have recovered 42 bomb-making videos sent specifically by the handler known as “Hanzullah” to Dr. Ganai, who worked at Al Falah Medical College in Faridabad. Police claim he played a key role in storing and sourcing materials for the group. His arrest earlier this month led to the seizure of a massive cache—over 2,500 kg of explosive ingredients, including 350 kg of ammonium nitrate—from his home.
Authorities say the main executor of the blast, Umar Nabi, relied heavily on remote guidance from these foreign operatives.
Probe Zeroes In on Familiar Name Tied to Past Southern India Attacks
Investigators are also examining potential involvement of Mohammed Shahid Faisal, a figure long known to counterterror agencies. Operating under multiple online monikers—“Colonel,” “Laptop Bhai,” and “Bhai”—Faisal has been associated with several major blasts in Karnataka and Tamil Nadu since 2020.
His name surfaced in:
- the Coimbatore car explosive incident (2022),
- the autorickshaw blast in Mangaluru (2022), and
- the Rameshwaram Café explosion in Bengaluru (2024).
Faisal, an engineering graduate from Bengaluru, fled India in 2012 after investigators linked him to a Lashkar-e-Taiba plot. Intelligence inputs suggest he later took refuge in Pakistan before relocating near the Syria–Turkey border, where he is believed to continue coordinating modules remotely.
The alias “Ukasa,” used by one of the handlers in the Delhi case, is suspected to belong to an individual based in Turkey, raising the possibility that the Delhi and southern India modules may share the same network.
Echoes of the Coimbatore Suicide Blast
Scenes from the Delhi blast investigation bear notable resemblance to the 2022 Coimbatore suicide attack, where engineering graduate Jamesha Mubin died in a car explosion outside a temple.
In that case, authorities found chemicals including potassium nitrate and PETN, along with manuals and DIY instructions accessed through encrypted apps. Mubin had reportedly posted videos expressing radical motivations shortly before the blast. His group is suspected to have extracted ammonium nitrate from fertiliser—a method investigators also believe was used in the Delhi module.
Officials Warn of ‘Hybrid’ Terror Model
Top security officers say the emerging picture suggests a “hybrid” operational structure: small local actors receiving real-time guidance, training materials and motivation from handlers across multiple countries.
The forensic examination of seized digital devices is underway, and investigators expect more names to surface in the coming weeks. Officials have not ruled out additional arrests as linkages to earlier attacks grow clearer.
The probe continues to unfold, with agencies calling it one of the most complex terror modules uncovered in recent years.
