Since the beginning of 2026, at least four landslides are reported to have killed hundreds of people at the Rubaya mines in the Democratic Republic of Congo (DRC), a major global source of coltan. Coltan is widely used in smartphones, laptops and e-vehicles.

With the mines currently under the control of the Rwandan-backed group M23, and access restricted to journalists and many NGOs, the true number of casualties remains unclear. Frequent cellular network disruptions have also been reported across the region.

In the absence of reliable on-the-ground coverage, Bellingcat used open source methods to examine statements from the authorities and media reports. Bellingcat confirmed several incidents in which villages were engulfed in the landslide and residents living near the mine were among those killed.

Landslide No.1 – January 28

Reports of a deadly landslide killing more than 200 people began appearing in international media in late January and early February. 

Three days after the incident, the DRC government made a statement on Facebook outlining that at least 200 people had been killed. They said the landslide was “a consequence of the rampant and illegal mining by Rwanda and the M23/AFC”.

In response, the M23-appointed local governor, Lumumba Muyisa, told Reuters that at least 200 people had been killed, but attributed the landslide to heavy rains. 

Landslides are common in small-scale mines, especially during the rainy season, which in Rubaya spans from September to May and peaks between March and April. 

Bellingcat cross-checked local media reports against one of the few social media posts about the incident, geolocating the phone footage to a mining pit south-east of Rubaya. In the video, the narrator speaking in Kinyarwanda (the national language of Rwanda, also spoken in eastern DRC) pans from the top to the bottom of the slope. Filmed at a distance, no bodies are visible in the footage.

Satellite imagery captured before and after the first landslide shows how the mud advanced down the slope.

Landslide No.2 – March 3

Just over a month later, a second landslide was reported. On Facebook, the DR Congo Ministry of Mines released a statement including a provisional death toll of more than 200 people:

However, senior M23 official Fanny Kaj, speaking to AP, rejected the DRC government’s claims, stating: 

“I can confirm what people are publishing is not true. There was no landslide; there were bombings, and the death toll isn’t what people are saying. It’s simply about five people who died,” Kaj said. 

The same day the second landslide was reported, another M23 spokesperson, Lawrence Kanyuka, announced an attack involving “combat drones and heavy artillery”, at a location more than 250km from Rubaya.

Speaking to eyewitnesses at the mines, international media reported a landslide triggered by heavy rains, with no mention of bombings – only of workers buried under the earth. 

Bellingcat verified several social media videos of the second incident, in which dozens of people are seen digging for those buried under the mud. The clip below is an edited excerpt that excludes graphic images of bodies.

Edited video clip (left) geolocated to the camera icon (right). The white line (right) shows the camera’s movement as it pans across the slope. Source: Planet Labs PBC, March 26, 2026.

Later in the video, as the camera zooms in on several bodies, the narrator speaking in Kinyarwanda says: “Those you can see here have just been pulled out. These people are dead, but others are continuing to the search operations.” 

Due to the low quality of the footage, an accurate body count was not possible. 

Bellingcat geolocated footage of landslide No. 2 to the same location as landslide No. 1, shown in the satellite imagery below.

M23 did not respond to a request for comment on findings contradicting senior official Fanny Kaj’s claim that no landslide occurred on 3 March.

Landslide No.3 – March 7

Four days later, a third landslide was reported, with estimates of more than 300 people killed, according to civil society official Telesphore Nitendike. Speaking to EFE, Nitendike said the landslide had affected “more than 40 families” as houses were “swept away” by the mud.

Satellite imagery shows the landslide advancing from east to west as mud surged down the slope.

Before and after the third landslide on March, 3. Source: Planet Labs PBC.

Bellingcat verified more than a dozen social media videos from the third incident, the majority posted on X by local media accounts. Almost all contained highly distressing content, including the bodies of young children. In one video, the narrator walks through a crowd of more than a hundred people, then stops and pans across several bodies covered with blankets, saying: 

“These bodies were found here in Gatabi [name of village], inside houses. You can see how the houses were swallowed. The search for residents is still ongoing. It is truly a tragedy.”

As he continues filming, at least seven unclothed bodies, all young children, are seen being carried down the slope.

“You see, there, that’s another child’s body. These are children who were sleeping in their homes. Some were still in bed when they were swallowed by the landslide.”

Left: Video clip shows a body covered with a blanket on a stretcher. Right: Video clip shows the community-led rescue effort. The background satellite image shows geolocated pins marking the videos. Source: Planet Labs PBC, 16 February 2026.

Bellingcat geolocated 12 social media videos of the third landslide to a location southwest of Rubaya town.

Landslide No.4 – March 27

A fourth landslide was reported at the end of March by local outlets, describing the collapse of two mining shafts and the death of at least nine workers. 

Satellite analysis, combined with the geolocation of one social media video, indicates the fourth incident took place at the same location as landslides No.1 and No.2.

Before and after the fourth landslide on March 27. Yellow box highlights houses engulfed in the mud. Source: Planet Labs PBC.

Despite repeated attempts by Bellingcat to contact the DRC government and M23 for updated casualty figures across all four incidents, neither party responded. 

In February of this year, human rights group Global Witness called on companies and governments using or trading DRC’s coltan to ensure mine operators adhere to international human rights and environmental standards.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Bellingcat also contacted the DRC government spokesman and minister for communication and media, Patrick Muyaya, regarding a post he made on X that Bellingcat found to be promoting misinformation about the rate of expansion of the mines while under M23 control.

In the post, Muyaya urges followers to watch a video that presents itself as an open source report but includes satellite imagery falsely attributed to Bellingcat and “Planet Labs Inc.” We can confirm that this is not our work. The imagery also appears not to be from Planet Labs PBC, but from Google Earth Pro (illustrated below). 

The fabricated video was originally posted in 2025 by the Facebook account, Congo Kinshasa.

Contacted by Bellingcat, Congo Kinshasa confirmed that they were the creator of the video. Asked to explain why the satellite images were mislabeled and the analysis wrongly attributed to Bellingcat, they responded: “I don’t understand you. What exactly is your problem?”

Minister Patrick Muyaya did not respond to our request for comment on his post promoting false information.

Claire Press contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post DRC’s Coltan Belt: Verifying Deadly Landslides At Mines Under M23 Control appeared first on bellingcat.

This investigation is a collaboration between Bellingcat and Colombian media outlet Cerosetenta. You can read Cerosetenta’s piece in Spanish here.

A video posted on Feb. 26 shows several men painting over graffiti in Restrepo, a neighbourhood in Bogota, Colombia, and replacing them with images of their own: a logo used by Colombian political candidate and businessman Jorge Rodriguez, who is one of the men shown in the footage.

“Today we are defending public space to stop generating hatred in future generations!” said the caption posted on Instagram by Rodriguez, who unsuccessfully ran for office in the March 2026 congressional elections as part of Centro Democratico, the country’s largest right-wing party. 

But at least one of the graffiti-ed pieces they painted over carried a message critical of, rather than promoting, hate: “Creole Nazis will not pass” – using a term that refers to Nazi sympathisers in Latin America. 

And although the faces of most of the men shown in the video were pixelated, the tattoos visible on one of them have multiple similarities with a prominent member of neo-Nazi group Active Club Bogota – an individual known as Javier “Orlik” Ruiz, whom Rodriguez follows on Instagram and who “liked” the video.

In response to Bellingcat and Cerosetenta’s queries via Instagram, Rodriguez did not answer questions about his relationship with Active Club Bogota or the individual we identified as appearing in his videos, but said he was “not obligated to respond to any interview or request without a court order”. He also threatened legal action if we used his image or name in this investigation, saying that this would violate his rights to privacy, reputation and data protection, as well as the right to his own image. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Similarly, Ruiz did not reply to questions that Bellingcat sent via email, including on his role in Active Club Bogota, but responded to our query by threatening legal action if we used his name, image or background information about him without his “prior, express and informed authorisation”. Ruiz said in his email that, among other things, processing his personal data without authorisation could be considered a violation of personal data under Colombian law.

After Bellingcat replied to both Rodriguez and Ruiz, noting that they did not answer our questions and inviting them again to do so, Ruiz responded with another legal threat referencing data laws – again without answering any questions related to this investigation. 

Bellingcat and Cerosetenta have consulted legal experts in both the Netherlands, where Bellingcat is headquartered, and in Colombia on the question of how privacy laws in both countries are balanced against the right to freedom of expression. In light of (amongst other factors) the public interest in this information and the fact that both Rodriguez and Ruiz qualify as “public figures” (persons who have, through their acts or their position, entered the public arena), the reporting in this article and the editorial choices made by Bellingcat are protected by the freedom of expression.

Both Rodriguez’s and Ruiz’s full responses are included at the end of this article.

Active Club Bogota is the local branch of the international Active Club movement. It hosted celebrations of Adolf Hitler’s birthday at a Bogota community centre in 2025 and 2026. At the 2025 event, the group hosted a Nazi-inspired book burning. This year, the group celebrated with Nazi swastika cupcakes, a swastika-emblazoned birthday cake and the screening of a 1940 Nazi propaganda film.

Bellingcat and our Colombian partner Cerosetenta reached out multiple times via email and phone to the president of the relevant Community Action Board managing the community centre where these events were held, using contact information listed in a document by the local mayor’s office. As of publication, we have not received a response to our emails, and calls to the president of the community centre have gone unanswered.

Active Club Bogota, which has had an online presence since early 2024, appears to be the only officially recognised South American chapter of the neo-Nazi network started in the US by white supremacist Robert Rundo. The international movement, which Bellingcat has covered extensively, is known for using fitness, fighting and fashion to recruit young men and boys into the far right, normalise fascist ideas and prepare them for physical violence against perceived enemies. 

Active Club Bogota’s official Instagram account followed just over 60 accounts earlier this year. Rodriguez’s public Instagram account was, and continues to be, one of them. In March this year, Rodriguez also “liked” a March 2026 post from the group that featured a flag for a neo-Nazi movement. 

While Rodriguez was unsuccessful in his bid for a seat in parliament, garnering just 4,401 votes, he presents himself as a prominent member of Centro Democratico and claims to have founded the party’s largest youth group. 

He has appeared in photos and events on his social media alongside notable figures from the party, such as former Vice Minister of Justice Rafael Nieto Loaiza, party director Gabriel Vallejo, presidential candidate Paloma Valencia and the party’s founder, Alvaro Uribe Velez.

Alexander Ritzmann, a senior advisor with the Counter-Extremism Project (CEP), told Bellingcat that an affiliation between Active Club Bogota and a political actor like Rodriguez should be taken seriously.

Heidi Beirich, co-founder of Global Project Against Hate and Extremism (GPAHE), said that any sort of legitimacy lent to an outwardly neo-Nazi group, like those that make up the Active Club movement, “sets a dangerous precedent”.

Bellingcat’s investigation into Active Club Bogota also suggests that the group has connections with the international far-right, with allies and “brothers” from Brazil to Spain, as well as apparent links with Combat 18, a violent neo-Nazi network accused of being an “international criminal organisation” and terrorist group. There is no evidence to suggest that Rodriguez has any connections to these other groups.

Centro Democratico was the biggest challenger to Colombian President Gustavo Petro’s left-wing coalition Pacto Historico in the March elections, securing 17 seats in the Senate, up from 13 in 2022, and a majority of 32 seats in the House of Representatives, double the 16 it won in the previous elections.

In response to Bellingcat’s queries, Centro Democratico National Director Gabriel Vallejo said the party was unaware of any proven links between Rodriguez and far-right, neo-Nazi, or extremist groups. 

Vallejo said that the Party’s candidates retain the right to exercise their freedom of expression and define their ideological affinities within the limits of the Constitution and the law. 

However, Vallejo said that Centro Democratico does not support or endorse any type of link with organisations or movements that incite hate speech, violence or the glorification of crime. 

“The Party maintains a firm stance in defence of the Constitution, the law, democratic institutions, and respect for human dignity, as well as in the protection of the public interest and fundamental rights,” he said. “In this regard, any conduct that contravenes these principles is contrary to the Party’s guidelines and will be subject to the corresponding actions in accordance with the Statutes and applicable regulations.”

Tattoo Identifications

In Rodriguez’s Feb. 26 video, the former political candidate can be clearly seen. However, several others had their identities obscured, with one particular individual being completely pixelated from head to toe in almost every frame he appeared in, even where only part of his arm was visible. 

But thanks to a few frames where parts of the individual’s arms or hands are briefly unpixelated, or where colouration shows through the pixelation, Bellingcat was able to match the person shown in the video to a prominent Active Club Bogota member and possible leader – an individual who goes by Javier or “Orlik” Ruiz – who Rodriguez follows on Instagram and vice versa. 

Between April and May 2024, the first few weeks after Active Club Bogota’s Telegram channel was set up, eight posts listed an author who went by “Orlik Ruiz”. 

Bellingcat searched online for social media accounts and information related to “Orlik Ruiz” and quickly found numerous public social media accounts that appear to belong to the same individual, with posts showing photos of his face and tattoos. Several of these accounts used the name Javier Ruiz. These accounts included a YouTube account featuring 2022 video clips showing Ruiz and other men at a shooting range, holding what appear to be automatic rifles.

In most of these social media accounts, Ruiz posted numerous photos exposing his face and, more frequently, his tattoos from multiple angles, allowing Bellingcat to confirm that the same individual appears in the vast majority of Active Club Bogota’s online content.

Active Club Bogota’s Telegram channel listed an account with the name “Javi” as the group’s main contact. There were more than 30 posts on this account’s own profile page, and though the face of the person shown in the photos posted from this account was obscured, the matching tattoos in many of these posts all pointed to the same person.

Ruiz’s tattoos had several distinctive features that appeared across multiple photos. The backs of both of his hands are tattooed up to the base knuckles. He also has an arrow tattoo on his left middle finger, pointing down towards the base knuckle, and a red design that circles his left wrist. 

These match several features of tattoos on the individual’s left hand that can be made out despite the pixelation, including what appears to be red colouration on the individual’s wrist, heavy dark hand tattooing, and also discolouration on the left middle finger, suggesting tattoos on that finger.

While blurred footage alone is not enough to confirm matching tattoos, several other significantly more detailed and clearer comparisons could be made. 

In one frame, a very similar arrow to that seen in photos of Ruiz appears on the left middle finger of the individual shown in the video.

In addition, there are gaps in the tattoos and a rounded shape visible on his left arm that are consistent in position with photos of Ruiz’s tattoos.

There are also several frames in the video where the individual’s right hand is visible. These unpixelated, although still blurry, frames show the individual has heavy tattooing on their right hand that forms a curved shape between their knuckles. This is consistent with the shape of the tattoos on the right hand of Active Club Bogota’s Ruiz as seen in photos posted on the group’s Telegram channel and on social media.

Another frame shows a small red tattoo visible on the middle-right finger as well as a detail between the index finger and right pinky. This matches with other, clearer images of Ruiz’s tattoos visible on his private Instagram.

Furthermore, in several frames of the video, the pixelated individual’s upper-right arm is visible, showing red colouration that is consistent in size and shape with images of Ruiz’s tattooed right arm.

Promoting Fascist Ideas in the Region

The first sign we could find online of Active Club Bogota’s appearance on the city’s neo-Nazi scene was in early 2024, when its official Telegram channel was created. 

The official Active Club website that Rundo, the American founder of the Active Club movement, has openly promoted in several podcasts features a map of “official” Active Clubs around the world. As of the time of publication, Active Club Bogota is the only one in South America on the map.

But social media posts from Active Club Bogota suggest that the Colombia-based group has been attempting to promote the development of other Active Clubs in Latin America, with mixed results.

In September 2025, Active Club Bogota promoted a new Active Club in Brazil, boasting that “our brothers … have also taken a big step forward.” 

This Brazilian Active Club Telegram channel no longer exists as of February 2026. 

Also in September 2025, Active Club Bogota promoted the Telegram channel of a new Active Club in Argentina, which they referred to as “our Argentinian friends”. This Telegram channel, like the Brazilian Active Club Telegram channel, no longer exists as of February 2026.

In December 2025, Active Club Bogota promoted the Telegram channel of another new Active Club based in Mexico City, which the Colombian channel referred to as “our Mexican brothers, who are joining this great movement that seeks to reclaim our identity and heritage”.

Related articles by Bellingcat

Europe

The Small Bulgarian Streetwear Shop Designing Clothes for the Far-Right ‘Active Club’ Movement

Beirich, the co-founder of GPAHE, said that Active Clubs are a concerted effort to market the far right to a new generation of young people. 

“Active Clubs can and do serve as a bridge between older generations of neo-Nazis and the current wave of youth engaging with the movement,” she said.

“Groups like the one in Bogota are hyper-local enterprises that also connect its members to a transnational extremist network of other Active Clubs and white supremacist groups that share a similar worldview,” she added.

Ritzmann, from CEP, also said that the threat posed by the group should not only be measured by its size. “Even a small local chapter can function as a recruitment hub, a training environment, and a bridge into wider transnational extremist networks,” he said.

International Connections

Our identification of Ruiz also led to evidence of links between Active Club Bogota and international neo-Nazi networks Blood & Honour and Combat 18.

In a May 2024 photo posted on his public Telegram account, a man whose face is covered by a cloth mask and further obscured with a digital image was pictured standing next to two neo-Nazi musicians who were in Bogota to perform at a concert that Ruiz had promoted on his Telegram account. One of the musicians is British neo-Nazi Ken McLellan, who has long been associated with Blood & Honour. 

The tattoos on the lower left leg and right hand of the man whose face was obscured appear to be the same as Ruiz’s – matching the shape, colour and position – based on photos publicly posted on Active Club Bogota’s Telegram channel.

Blood & Honour is an international neo-Nazi network founded in the United Kingdom in 1987; McLellan and his band were present at this founding meeting and still regularly perform at Blood & Honour-affiliated concerts. Blood & Honour’s affiliate group Combat 18, described as the “armed branch” of Blood & Honour, was founded in 1992. 

Members and associates of Blood & Honour and Combat 18 have been accused of crimes including possessing explosives and drug trafficking. Individuals associated with both groups have been convicted of crimes including attempted murder, murder and terrorism. Both groups have been designated terrorist organisations in Canada since 2019 and have been subject to financial counter-terrorism sanctions in the United Kingdom since January 2025. 

A Colombia-based neo-Nazi fashion retailer that sells t-shirts with Combat 18 symbolism and branding also lists Ruiz as the main contact on its Telegram channel (Bellingcat is not naming the retailer to avoid amplification). 

On its WhatsApp Business account, this retailer advertises neo-Nazi clothing and paraphernalia, including content with Combat 18’s name, symbolism and branding, as well as content promoting bands with documented links to Combat 18. Active Club Bogota has also promoted this retailer on its own Telegram channel. After reaching out to Meta, the parent company of WhatsApp, a spokesperson told Bellingcat that “this account breaks our terms of service and we have banned it”. As of publication, the WhatsApp Business account has been blocked.

After a series of arrests of alleged members in Spain in October 2023, Spanish authorities publicly called Combat 18 an “international criminal organisation” and claimed the Spanish wing of the group has relations with Combat 18 members in South America. 

Spanish media outlet El Periodico further reported that this police operation against Combat 18 in October 2023, according to their sources, “was mounted to pursue organised crime and other related offences, including drug trafficking”. 

Bellingcat established another link between the two groups through another individual associated with Active Club Bogota. 

In a 2015 post on one of Ruiz’s public Facebook accounts, an individual (in red below) who at the time was a bassist with a neo-Nazi band that sang songs praising and promoting Combat 18, is visible with a black tattoo on his left bicep.

Almost a decade later, in January 2025, Active Club Bogota posted a video that featured an individual with a tattoo that appeared to be in the same shape and placement.

The bassist’s name was mentioned in two posts by Juan de Dios Osuna Montanez, the alleged leader of Combat 18 in Spain, on Instagram in May 2024. 

Both posts featured a photo of what Montanez described as “little gifts directly from Colombia,” with Montanez thanking an account under this individual’s name, calling him his “brother.” These posts occurred during the same time period during which Active Club Bogota posted content from Catalonia, in northeastern Spain.

The photos Montanez posted of the apparent gifts are nearly identical, with the only difference being that the second photo is more zoomed in than the first. The photo shows a sticker with Active Club Bogota’s logo and branding, a t-shirt reading “Blood & Honour Colombia Division,” a sticker featuring both Blood & Honour and Combat 18’s logo, as well as packages of candy and coffee that Bellingcat was able to identify as being from small Colombian brands. 

Montanez did not respond to Bellingcat’s request for comment via Instagram and Facebook, but we were blocked by his Instagram account after we reached out. We were unable to find any other public contact information for Montanez.

Ritzmann of CEP said that Active Club Bogota’s repeated display of the Combat 18 flag on its Telegram channel signals identification with one of the most explicitly militant neo-Nazi traditions in Europe.

He added that while some Active Clubs avoid overtly antisemitic references to avoid scrutiny by law enforcement, reduce negative media attention and attract new recruits without frightening them away, Active Club Bogota “appears to sit at the more explicit edge of the Active Club strategy” with its open celebration of Hitler’s birthday and its antisemitic messaging. 

“The network wants to appear harmless enough to avoid scrutiny, but radical enough to attract militants. Active Club Bogota is an example of how that balance can shift toward overt neo-Nazi mobilisation while still remaining inside the wider transnational Active Club ecosystem,” he said.

Carlos Gonzales and Pooja Chaudhuri contributed research to this piece.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Unearthing a Colombian Politician’s Connections to Neo-Nazi Active Club Group appeared first on bellingcat.

Bellingcat has identified at least 80 police stations or infrastructure related to law enforcement agencies and the Basij paramilitary group that has been damaged or destroyed in the first three weeks of the United States and Israel’s war against Iran. Experts told Bellingcat that both countries aim to degrade the Iranian regime’s “repressive capacity”.

Combined, the US and Israel have conducted thousands of strikes during the course of the 2026 war in Iran. Targets range from Islamic Revolutionary Guard Corps (IRGC) sites, Navy vessels to Iranian weapons manufacturers.

In early March, a Bellingcat analysis using satellite imagery and available photos and videos identified police stations as another apparent target, with at least 15 damaged or destroyed in the capital, Tehran.

We also identified multiple strikes against police infrastructure in the country’s north and west; these areas were targeted by the Israel Defence Forces according to a map released by the IDF on March 31.

“We are providing the brave people of Iran with the conditions to take their destiny into their own hands,” declared the Israeli Ministry of Foreign Affairs official X account, along with a photo of a destroyed police station.

اینجا کلانتری ۱۲۱ سلیمانیه در خیابان نبرد تهران بود.

ما شرایطی را برای مردم شجاع ایران فراهم می‌کنیم تا سرنوشت خود را در دست بگیرند. pic.twitter.com/VSm6YVvIwZ

— اسرائیل به فارسی (@IsraelPersian) March 5, 2026

In all, the majority of strikes Bellingcat analysed focused on police stations (30 incidents) and command centers or headquarters (29 incidents). Locations also include sites related to Basij, a plainclothes paramilitary organisation (9) affiliated with the IRGC that were “involved in the deadly crackdown” of protests in January 2026, others are associated with special forces (3) and traffic (2) or diplomatic (2) police compounds.

Related articles by Bellingcat

Investigations

Satellite Imagery Reveals Strikes on Iranian Police Stations

Due to commercial satellite companies limiting access to imagery over Iran and neighbouring countries we relied on Sentinel-2 imagery data to help verify the incidents, as well as videos and photos, some of which were also verified by independent geolocators and contributors to the Geoconfirmed volunteer community and confirmed by Bellingcat researchers. 

Location data was partly determined using open source mapping data either from Wikimapia, OpenStreetMap or Google Maps. When video footage or photos were available for incidents reportedly targeting police stations, the location was verified with geolocation and satellite imagery analysis using either Planet Labs medium resolution PlanetScope data (restricted to imagery collected by March 9) or low resolution Sentinel-2 data.

Some locations were discovered utilising location data taken from OpenStreetMap using Overpass Turbo and comparing that with available Sentinel-2 data throughout Iran.

Map showing geolocated incidents in Iran. Click the markers to view the coordinates, sources, and verification notes. Map: Bellingcat/Miguel Ramalho

A Problem of Scale

Israel has released multiple videos showing the targeting of bases and checkpoints belonging to the Basij. In mid-March, the IDF announced the killing of the paramilitary group’s commander, Gholamreza Soleimani. 

Targeting the Basij is part of Israel’s and the US’ agenda “to degrade the regime’s repressive capacity,” Ali Vaez, the director of International Crisis Group Iran Project, told Bellingcat. Police stations are “not involved in repression in the way that crowd control police or Basij centers are”, so targeting them “appears more aimed at preventing the Islamic Republic from being able to maintain control internally,” he said.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Vaez told Bellingcat that, when considered alongside the broader range of targets, including industrial factories, the widespread targeting of police stations is part of a strategy “to make Iran ungovernable for the existing regime or whatever comes after”. 

Vaez was skeptical about the short term effects: “It’s a problem of scale. Iran is such a large country, even if you are able to completely destroy, not just degrade, the capacity of the regime in policing, oppressing, etc – it really requires not just maybe weeks but maybe months if not years.”

The Risk of Civilian Casualties

As of April 7, the Iranian Human Rights Activists News Agency estimates there’ve been more than 1,700 civilian fatalities during the war. 

Several police stations are situated in densely populated urban areas such as Tehran. Stations are used by civilians for various reasons including renewing driving licences, so if these buildings are targeted “during working hours and not in the middle of the night then risk is higher for these people,” Vaez said.

Map showing geolocated incidents in Tehran. Click the markers to view the coordinates, sources, and verification notes. Map: Bellingcat/Miguel Ramalho

A recent joint Airwars, Center for Civilians in Conflict and Human Rights Activists in Iran report detailing the first month of civilian casualties included a section on the worsening situation for detainees in Iranian prisons — including police stations that have been targeted. 

“I was detained in the holding cell of [Police Station 148] for ten days, along with four other activists. Now it looks like nothing is left of that station but ruins. I can’t even recognize where the detention area was. I keep wondering what happened to the people who were being held there during the attack. – Activist, told HRA upon seeing photos of the police station after recent US/Israeli airstrikes.”

Footage shared and geolocated by the BBC’s Shayan Sardarizadeh showed Police Station 148 damaged after an apparent strike in mid-March.

The main building of Tehran’s 148 police station and its courtyard, located on Enghelab Street, has been severely damaged in air strikes conducted on Friday.

The adjacent Hamoon Theatre also sustained some damage.

Video: @Vahid

Location: 35.700812, 51.402163@GeoConfirmed pic.twitter.com/9sdOtHd2XN

— Shayan Sardarizadeh (@Shayan86) March 14, 2026

One destroyed police station identified by Bellingcat in the city of Mahabad in northwestern Iran led to apparent damage to an Iranian Red Crescent Society building located next door. According to Iran’s Tasnim News agency (an IRGC-affiliated media outlet sanctioned by the EU, the US and Canada), one Red Crescent employee was injured in the attack.

The police station adjacent to the Red Crescent building isn’t identified on any mapping services, though there are reports “Police Station 11” was targeted the same day.

Israel has also targeted checkpoints operated by Basij members.

Bellingcat examined two cases showing Israeli strikes on checkpoints while civilians were passing. In one video, a strike hits a checkpoint as five motorbikes and a vehicle go by.

In another IDF video, a yellow bus is immediately adjacent to the checkpoint when it is hit. It is unclear how many people were on the bus at the time of the strike or if anyone was injured.

According to the Open Source Munitions Portal (OSMP), Israeli drones commonly employ the Mikholit bomb. A variant of this bomb has 890 grams of explosives, an amount that creates hazardous fragmentation up to 104 meters away. 

“I have been watching the reporting on these Basij strikes and the use of the Mikholit in particular in open urban areas. It is IDF standard—using precision munitions and even sometimes “low collateral” munitions but in a reckless manner that still puts the civilian population at risk,” Wes J. Bryant, a defence and national security analyst formerly with the Pentagon’s Civilian Protection Center of Excellence told Bellingcat.

Questions Over Legality

International Humanitarian Law defines civilians as “persons who are not members of the armed forces”. Police officers fall under that definition, according to Adil Haque, Professor of Law at Rutgers University and Executive Editor at Just Security.  “As a rule, police are civilians and may not be attacked unless they take a direct part in hostilities,” Haque told Bellingcat. National security analyst Bryant agreed, adding that targeting police “does not stand up to legal scrutiny”.

In an email to Bellingcat, the IDF noted “that the police form part of Iran’s internal security apparatus, which also forms part of Iran’s armed forces, under Iran’s own domestic legislation. In every strike, the IDF takes feasible precautions in order to mitigate incidental harm to civilians and civilian objects to the extent possible under the circumstances.”

Police are indeed “part of the country’s armed forces. By that logic, anything with a flag on it is a legitimate target,” Ali Vaez, the director of International Crisis Group Iran Project, said.

Although Basij is a paramilitary group, any strikes against it would require precautions to minimise harm to civilians, Haque told Bellingcat. “Since the hostilities almost entirely involve aerial bombardment, the concrete and direct military advantage anticipated from strikes on Basij members who qualify as combatants is extremely low, so significant harm to nearby civilians would be disproportionate and illegal,” he said.

When asked about potential civilian casualties in the checkpoint strikes, the IDF told Bellingcat that since the Basij are subordinate to the IRGC and are therefore part of the armed forces, they are regarded as lawful military targets. Regarding the checkpoint strikes specifically, they stated “precision munitions and surveillance means were used in the strikes, as part of the precautions taken under the circumstances to mitigate expected incidental harm”.

Bellingcat reached out to US Central Command (CENTCOM) to ask if the US had any role in the police station strikes identified but received no official comment at the time of publication. 

The data collected so far for these sites can be found here.

Miguel Ramalho and Felix Matteo Lommerse contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post “Make Iran Ungovernable” – Tracking Efforts To Destroy Iran’s Police Infrastructure appeared first on bellingcat.

The challenges of conducting open-source research in China are well-documented. Consistently named one of the most digitally oppressive countries in the world, China blocks some of the world’s largest social media platforms, such as Facebook, Google, and YouTube. Those that are still accessible are mostly Chinese-owned, strictly regulated and monitored in real time by AI systems as well as tens of thousands of “internet police”. 

But despite these strict controls, Chinese apps – which boast more than a billion estimated users – remain an information goldmine for investigative journalists covering stories both within and outside China.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Since most foreign sites are banned, Chinese platforms are the largest resource available to journalists and researchers interested in what’s going on in the world’s second-most populous country. Even when a topic is being censored, patterns in the censorship can themselves serve as investigative leads: a 2020 BuzzFeed News investigation, for example, mapped out detention camps in Xinjiang by examining areas that had been blanked out on China’s Baidu Maps.

With millions of Chinese people living overseas, social media activity by members of the diaspora can also turn into global stories.

Serial rapist Zou Zhenhao, a Chinese PhD student, was jailed in London last year after one of his victims posted a warning on Xiaohongshu, also known as Little Red Book or Rednote, an app popular with young Chinese women living abroad. Another woman Zou had raped reached out to the original poster, who put her in touch with the police – leading to the conviction of a man described by police as possibly one of the worst sexual predators in British history.

Founded in 2013 as a Hong Kong shopping guide, Xiaohongshu has evolved into a lifestyle and e-commerce platform that has been compared with Instagram, Pinterest and Amazon. Last year, it reported about 300 million monthly active users, rivalling some of China’s largest social media platforms.

The app’s 600 million daily searches by the end of 2024 also accounted for half of market leader Baidu’s search volume, demonstrating that it is emerging as a critical search and discovery engine, not just a social platform.

Although primarily a Chinese-language app, Xiaohongshu gained attention in the English-speaking world last year, when millions of American TikTok users flocked to the platform in anticipation of a TikTok ban under US President Donald Trump. 

Responding to the surge of international users – sparked by the #TikTokRefugees trend – Xiaohongshu rolled out an AI-powered translation feature, making the app more accessible to non-Chinese audiences. This also meant that journalists without Chinese language skills can more easily communicate on and navigate the platform.

Despite its growing popularity both within and outside China, the app is relatively new and underexplored compared to more well-established platforms such as Weibo. 

This guide aims to provide a starting point for those looking to explore Xiaohongshu for open-source investigations, including an overview of its main user demographics, potential topics to explore and strategic search methods specific to the app. 

User Demographics and Topics

According to Xiaohongshu’s official data, the platform’s demographic profile is mainly young, female and urban. As of 2024, 70 percent of its users were women, with half of all users belonging to Gen Z and living in China’s largest cities. 

As previously mentioned, the app has also gained popularity with the Chinese diaspora. Many Chinese nationals living abroad use it as a search engine for local information, posting and searching for content related to their daily lives, from restaurant recommendations and apartment hunting to navigating foreign bureaucracies and finding community resources. 

This demographic profile makes Xiaohongshu particularly well-suited for investigating stories about consumer fraud and urban livability issues. For example, Chinese outlets like Jiemian have used Xiaohongshu posts to expose the grey-market ecosystem of paid reviews and fake endorsements tied to the platform’s e-commerce model, while in 2022, International Financial News traced a mother-and-baby store scam that defrauded over 400 parents back to product recommendation posts on the platform.

Given its predominantly female user base, Xiaohongshu has also evolved into one of China’s most important spaces for feminist discourse and women’s issues. Academic researchers have used content on the platform to analyse local discussions on menstrual shaming, sexual harassment, and the controversial “divorce cooling-off period” introduced in 2021. As Rest of World reported, women have increasingly congregated on Xiaohongshu, where they outnumber male users and have found ways to trick the app’s recommendation algorithm so their posts are shown mostly to other women.

The Relevance of Censorship

Political content and current affairs about China are largely absent from the app – a result of both active censorship and platform design. 

All Chinese social media platforms, including Xiaohongshu, operate under strict content moderation requirements from the Cyberspace Administration of China. A leaked 143-page internal document published by China Digital Times in 2022 revealed how Xiaohongshu censors respond to government directives in “real-time”, blocking content related to politically sensitive topics such as criticism of the Chinese Communist Party, labour strikes and student suicides. Xiaohongshu’s commercial focus also makes it less likely that these topics would be discussed on the platform: as Rest of World reported, the platform functions less like Weibo – a public square for current events – and more like “a giant mall, where shoppers tell each other what to buy”.

Related articles by Bellingcat

Resources

The Challenges of Conducting Open Source Research on China

Coverage of international affairs is also tightly controlled: only state-owned or state-controlled news organisations can obtain licences to publish original news content. However, content about life abroad, particularly stories about the cost of living, healthcare, or social problems in Western countries, circulates more freely on platforms including Xiaohongshu, and provide journalists with insight into how Chinese diaspora communities engage with local political systems. 

For example, when the 2025 Miss Finland was accused of making anti-Asian gestures, searching for “芬兰小姐” (Miss Finland) and “投诉” (complaint) on Xiaohongshu revealed a trove of collective action: users shared different complaint pathways, posted templates for filing reports, and documented various outcomes from their complaints. 

For such large-scale public events, Xiaohongshu can be both an organising platform and a rich source for tracking how diaspora communities coordinate responses to discrimination, providing journalists with insight into grassroots activism and transnational advocacy networks.

Getting Started

Xiaohongshu is available for download on both Apple’s App Store and Google Play worldwide, or can be accessed via a web browser. In international app stores, the app appears under the name “RedNote,” but this is the same application as Xiaohongshu – content and accounts are shared across both. The key difference is that RedNote users who register with overseas phone numbers are automatically tagged as international users, which affects the content the algorithm surfaces to them.

For users who download the app outside mainland China, Xiaohongshu automatically detects the device language and location. Upon first login, international users are prompted with an option to automatically translate all content into English (or their device language). If enabled, posts and comments will display with translations by default, and the algorithm will prioritise English-language content and posts created by or for international users, such as expat influencers.

For researchers and journalists seeking to observe the platform as Chinese users experience it, consider disabling automatic translation. This allows you to see content as it natively appears and helps you distinguish between posts created for international audiences versus those created for domestic users – a distinction that matters when assessing how representative your sample is for the relevant topic.

The default home feed, or the “Explore” tab, is where the algorithm surfaces content based on your engagement history, location and user profile. The feed uses a grid layout displaying post thumbnails with titles and like counts.

On the top right corner of the screen, the search bar also allows keyword searches across posts, users and topics. Results can be filtered by content type (e.g. notes, videos, users or products) and sorted by relevance or recency.

Using the Search Bar

Xiaohongshu’s search function is relatively basic. You can search by keywords and filter by time and location, but the options are general: time filters include “past day,” “past week,” or “past six months,” while location filters offer “same city” or “nearby”. 

For example, searching “Canada” returns posts tagged with that keyword, which you can then sort by recency or proximity. 

For breaking news events, try searching location names or names of individuals involved in the incident, filtering for the most recent posts to capture real-time reactions and on-the-ground accounts before they’re censored or deleted.

Xiaohongshu primarily uses algorithms to curate and push content through personalised feeds. For journalists using Xiaohongshu for investigative purposes, it can be useful to actively search for topics of interest to train your algorithm – the more you search and engage with specific content, the more relevant posts the algorithm will surface to you.

However, if you are researching the platform itself – studying what content Xiaohongshu promotes, how censorship operates, or what narratives dominate – you may want to start from a clean slate. In that case, consider periodically turning off personalised recommendations (Settings → Privacy Settings → Personalisation Options), clearing your browsing history, clearing cached data, or using a fresh account to observe what the platform shows to a “neutral” user.

Language and Lingo

During the influx of “TikTok refugees” in January 2025, Xiaohongshu launched a translation feature for users outside mainland China, enabling the automatic translation of comments and posts. 

However, this does not translate search queries. The platform’s search engine is still optimised for Chinese, though there is a “prioritise English” filter for overseas users, and searching in English will return some results.

But the language you search in shapes far more than just your results – it determines which version of the platform you see. When you search in English or use an international account, the algorithm treats you as a foreign user and surfaces content accordingly: influencers explaining why they love living in China, comparisons showing Chinese life favourably against the West. 

This isn’t a neutral cross-section of the platform – it is a curated bubble. To access what Chinese users actually discuss among themselves, it would be more effective to search in simplified Chinese and, ideally, use a China-registered account if you have access to one. If you don’t read Chinese, you can also consider using a translation tool (Google Translate, DeepL, or an AI assistant) to convert your search terms into simplified Chinese before entering them.

Despite such tools and the in-app translation feature, it is always useful when researching using Chinese platforms to work with a native speaker familiar with the local context. They can flag when an innocuous-seeming term actually carries hidden meaning, and help identify coded conversations about a censored topic.

On Xiaohongshu specifically, this coded language extends beyond political topics to include anything the platform’s algorithm might flag as “vulgar” or promotional. For example, users substitute fruits and neutral terms for body parts or sexual content to avoid being flagged as inappropriate – the peach emoji for buttocks, or 炒菜 (“cooking”) for explicit material. They may also use abbreviations and emojis for commercial terms to evade anti-marketing filters, such as “vx” (the abbreviation of how WeChat is pronounced in Chinese) or “绿” (“plus green”, apparently referring to WeChat’s green logo) for WeChat, or “米” (rice) or the moneybag emoji for money.

Advanced Search Strategies

For more sophisticated searching, consider using third-party marketing analytics tools like Xinhong and Qiangu, which can show trending topics, popular posts and engagement metrics, as well as identify key content creators posting about specific subjects. 

For example, on Xinhong, when you search for “Canada” in Chinese, it also shows show trending related searches such as “加拿大总理” (Canadian Prime Minister). Clicking through these suggestions leads to recent posts—for example, posts about Mark Carney’s latest statements at Davos, along with user comments and reactions.

While these tools are designed for marketers, they provide journalists with valuable capabilities: tracking how topics evolve, identifying influential voices in specific communities, and discovering related hashtags or discussions that might not surface through basic platform search. These tools often require paid subscriptions but can significantly enhance research efficiency for long-term investigations.

Another valuable feature is Xiaohongshu’s group chat function, where users gather around shared keywords and topics—from city-specific communities to niche interests. These groups are often highly active and provide access to candid community discussions that don’t appear in public posts. To find relevant groups, go to Messages → Group Square, where you can browse categories or search by keyword and request to join.

Monitoring active group chats related to relevant topics, whether that’s a specific city, industry, or issue, can help journalists and researchers stay updated on emerging issues and detect potential story leads before they become widely visible on public feeds.

Preserving the Evidence

Chinese social media content can disappear quickly and without warning due to censorship, making immediate preservation critical. 

Always take two preservation steps immediately upon discovering relevant content:

First, screenshot the entire post, including the URL, timestamp, username, like/comment counts, and location tags. These metrics establish context and authenticity. Use tools that capture full-page screenshots rather than just visible portions, as posts can be long and comments extensive. Second, archive the web page using services like archive.today or Wayback Machine. Note that these services capture only static content – comments and engagement metrics may not be fully preserved and should be screenshotted separately.

For Xiaohongshu specifically, always preserve the user’s unique ID found in their profile URL when viewed on a browser, which follows the format “user/profile/[unique ID]”. Users can change their display names, but this unique identifier remains constant, allowing you to track accounts over time even after name changes. This is critical for long-term investigations or when monitoring specific sources.

Xiaohongshu operates under the same legal and censorship constraints as all Chinese social media platforms, and researchers should approach it with appropriate caution. Content moderation is extensive: users who post about sensitive subjects risk having their content removed or their accounts suspended, and the platform is required to comply with government data requests. For researchers, this means the information you find represents only what has survived the censorship process.

That said, Xiaohongshu remains a remarkably rich resource for open-source research. Its strength lies precisely in its apolitical, lifestyle-oriented identity: while political discussion is suppressed, candid conversations about everyday life flourish. For journalists willing to invest in learning the platform’s rhythms, building Chinese-language search skills, and understanding its coded vocabularies, Xiaohongshu offers a window into how ordinary Chinese people talk among themselves – an area that remains largely untapped by international media.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Mining China’s ‘Little Red Book’ for Open Source Gold appeared first on bellingcat.

This article is the result of a collaboration with Indian media outlet Newslaundry. You can find Newslaundry’s editorially independent coverage here.

Indian companies have shipped more than 320 million synthetic opioid pills to West Africa – where they have not been approved by regulators – over the past three years, a Bellingcat investigation has found.

Export records from trade data provider 52wmb show that more than 1,400 consignments of tapentadol worth almost USD $130 million were sent from India to West Africa between January 2023 and December 2025.

Tapentadol, a painkiller two to three times more potent than tramadol, has not been approved for use in most West African countries, where some nations are grappling with an escalating opioid abuse epidemic.

However, this investigation shows that dozens of Indian suppliers have flooded the region with tapentadol over the past three years. Where dosages were listed, more than half the pills were in powerful strengths of 200mg or more – dosages that are not even approved in India.

The exports, cross-checked against records provided by trade data aggregator ImportGenius, show most tapentadol pills sent between 2023 and 2025 had the coastal nations of Sierra Leone and Ghana listed as their declared destinations.

The two West African countries were collectively marked as the destination for more than 80 per cent of the total value of tapentadol sent to the region.

Experts have documented how drug traffickers adapt quickly to international regulations and law enforcement efforts. In 2018, India tightened export controls around the opioid tramadol, one of the most trafficked synthetic drugs to West Africa.

In 2021, the International Narcotics Control Board (INCB) said large-scale tapentadol trafficking had been identified, particularly in consignments destined for Africa. It had previously noted that India’s strengthened tramadol controls could lead traffickers to substitute the drug with other potent synthetic opioids.

A BBC investigation last year revealed that Indian company Aveo Pharmaceuticals was illegally exporting tablets containing a mix of tapentadol and the muscle relaxant carisoprodol to West Africa. This led India’s drug regulator, the Central Drugs Standard Control Organisation (CDSCO), to ban the manufacture and export of all combinations of the two drugs.

Bellingcat’s investigation, in collaboration with Indian publishing partner Newslaundry, reveals that the supply of tapentadol pills from India to West Africa has surged in recent years.

Export data from 52wmb shows the value of tapentadol sent to the region has risen from about USD $27 million in the three year period from 2020 to 2022, to almost USD $130 million from 2023 to 2025.

Julius Maada Bio, Sierra Leone’s president, in 2024 declared a national emergency over rampant drug abuse and branded kush – a toxic blend of psychoactive substances including cannabis and synthetic opioids – a “death trap”.

Authorities in Sierra Leone have intercepted illegal tapentadol, including last July when the National Revenue Authority (NRA) said it thwarted a smuggling operation near its north-west border with Guinea.

The NRA and other agencies including the Transnational Organised Crime Unit, National Drug Law Enforcement Agency, and the Pharmacy Board of Sierra Leone did not respond to Bellingcat’s requests for comment.

Ghana’s Narcotics Control Commission (NACOC) said the illegal importation of tapentadol was first recorded in 2022 after international efforts to curb the tramadol crisis resulted in criminal networks shifting production to other pharmaceutical opioids including tapentadol, tafrodol and carisoprodol.

The agency has recorded a “steady rise” in tapentadol trafficking over the past three years, with authorities seizing more than 3.7 million tablets (250mg strength). Most were traced back to India, it said.

“NACOC investigations confirm that the bulk of tapentadol is trafficked into Ghana through seaports and by air, via express courier services,” a spokesperson said. “At the ports, the drug is concealed in containerized cargo falsely declared as pharmaceuticals, electrical materials or household goods. Express courier services are used for smaller, high-value quantities, often packed alongside legitimate consignments to avoid detection.”

NACOC said Ghana had emerged as both a destination and transit hub for tapentadol, with the majority of intercepted consignments bound for Niger, Mali, Burkina Faso and Nigeria. When sold domestically, it said the street drug was promoted as a tramadol substitute.

Ghana’s Food and Drugs Authority (FDA) said last year that the abuse of pharmaceutical opioids such as tapentadol — commonly known on the street as “Red” — was on the rise.

The FDA told Bellingcat it had “never issued any permit” for the manufacture or importation of tapentadol, in any strength, to any importer or to any country. It said any tapentadol shipments to Ghana were for “trans-shipment to neighbouring country”.

Import data for Ghana shows that no tapentadol entered the country between 2023 and 2025, which supports NACOC’s position that the drugs are being concealed and falsely declared. Import data for Sierra Leone was not available through 52wmb.

India’s drug and pharmaceutical exports have grown to more than $30 billion a year, according to the Pharmaceuticals Export Promotion Council of India (Pharmexcil), a division of the ministry of commerce and industry.

While tapentadol is available in India on prescription in strengths of up to 100mg (immediate release) and 200mg (extended release), authorities are aware of its risk of misuse. Last year, the Indian drug regulator’s Technical Advisory Board said the Department of Revenue may be requested to schedule the painkiller under the Narcotic Drugs and Psychotropic Substances Act, which would tighten rules around its export.

To export pharmaceutical products at strengths that are not approved in India, exporters are required to obtain an export “no objection certificate” (NOC) from the CDSCO, for which they have to submit proof of the drug’s approval in the importing country. Publicly available information shows tapentadol is not approved for use in any of the West African nations identified as part of this investigation.

The CDSCO did not respond to questions from Bellingcat or our publishing partner, Newslaundry.

In response to “Right to Information” requests submitted by Newslaundry, the CDSCO said only two companies had been granted authorisation to manufacture tapentadol for export between 2019 and 2024. However, the trade data analysed by Bellingcat did not list either company as an exporter of tapentadol to West Africa.

The CDSCO also said it had issued export NOCs for tapentadol to 51 companies since 2024, but that these were not for export to West African countries.

Meanwhile, Bellingcat’s analysis of trade data shows that more than 60 Indian suppliers have exported tapentadol to West Africa since 2023. The exporters are mostly pharmaceutical companies but also include smaller operations, such as one company owned by a Nigerian man who sent more than US $4 million of tapentadol to Niger and Ghana.

Dinesh Thakur, co-author of the book Truth Pill, told Newslaundry there were gaps in India’s drug regulatory framework that made it possible for potentially unsafe medicines to be manufactured and exported without proper oversight.

“There is no regulatory framework which checks a genuine importer and counterfeit importer between countries,” said Thakur, a former pharmaceutical executive who now works as a public health activist.

Mohammed Adinoyi Usman, a consultant anaesthetist at Rasheed Shekoni Federal University Teaching Hospital in Nigeria, said tackling Africa’s opioid crisis was complicated by a lack of resources across the region, weak government responses, and inaction by law enforcement agencies.

He said more collaboration and intelligence sharing was needed, especially across West African countries, to combat the problem. “We see so many opioids coming into our region because of a range of factors including under-funded institutions like customs and drug agencies, weak border controls and corruption,” he said.

“Africa is different. Even southern Africa is different from western Africa – each region has its peculiarities. In Nigeria, we don’t have well-functioning institutions to help control it. But our government is trying.”

Dr Usman said access to prescription opioids in Africa was inadequate, and pointed to research showing the disparity in distribution of legal opioids to low-income countries compared to high-income nations that consume the bulk of the world’s pain relief medication. He said opioid abuse was linked to crime and negative health outcomes.

“Sadly, access to prescription opioids is very limited in Africa,” Dr Usman said, “but the costs of illegal use are high.”

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Painkiller Pipeline: 300 Million Tapentadol Pills Sent from India to West Africa appeared first on bellingcat.

Almost 800 Hungarian government email addresses and associated passwords are circulating online, revealing basic vulnerabilities in the security protocols of ministries involved in classified and sensitive work.

A Bellingcat analysis of breach data shows that 12 out of the government’s 13 ministries have been affected, which in some cases have exposed the confidential information of military personnel and civil servants posted abroad. 

Among those affected were a senior military officer responsible for information security, a counter terrorism coordinator in the foreign affairs department, and an employee whose role was to identify hybrid threats against the country.

The revelations come as Hungarians head to the polls this Sunday to decide if Viktor Orbán, leader of the right-wing populist party Fidesz and the country’s longest-serving prime minister, will be elected to a fifth consecutive term.

This is not the first time that deficiencies in the Hungarian government’s IT security have been revealed. In 2022, ahead of Hungary’s last election, Direkt36 reported that Russia’s intelligence services had gained access to the computer network of the Hungarian foreign ministry, including its internal communications channels.

It said Russian cyber attacks against the Hungarian government had been occurring for at least a decade and extended to the foreign ministry’s encrypted network for transmitting classified data and confidential diplomatic documents.

At the time, the foreign ministry denied it had been hacked. But in 2024, news outlet 444 published a letter that had been sent from Hungary’s National Security Service to the foreign ministry six months before the cyberattack was first reported. The letter linked the attacks to Russia and described more than 4,000 workstations and 930 servers as “unreliable”.

As part of this new analysis, Bellingcat identified a total of 795 unique email and password combinations among thousands of search results for Hungarian government domains in breach databases. Key departments that handle the country’s governance, defence, foreign affairs and finances were the worst affected.

The analysis does not include central government agencies that operate under the government’s official ministries and use separate domains, such as the tax and customs administration or the police – meaning breaches affecting government employees could be even more widespread.

The findings are not evidence of high-tech infiltration of Hungarian government systems. Instead, our analysis indicates that the breaches are more likely the result of poor digital hygiene. In many cases, staff used simple passwords along with their government email addresses for what appear to be non-work-related matters, such as signing up to dating, music, sport and food websites.

Some government workers used easy-to-guess passwords such as variations of the word “Password” or the number sequence “1234567”. One employee whose credentials were exposed in the 2012 LinkedIn hack used the password “linkedinlinkedin”. Another, in the defence ministry, used their surname. One leaked password from an employee in the foreign affairs ministry was “embassy13hungary”. 

Multiple breaches also contained phone numbers, addresses, dates of birth, usernames and IP addresses – data that, when exposed, could pose security risks.  

Additionally, a search of breach databases showed instances where computers have been infected with malware designed to steal login credentials. These records show that 97 machines across Hungarian government departments had been compromised, with stealer logs from as recently as last month found in the data.

Bellingcat contacted the Hungarian government’s spokesperson and the Prime Minister’s office, but did not receive a response.

The Weakest Link: Searching Breach Data

Breach databases are large collections of credentials harvested from previous cyber incidents. These databases can be searched by domain to identify email addresses belonging to a specific organisation, company or government. 

Bellingcat used Darkside, a paid service by District 4 Labs, to search the main email domains assigned to each of the Hungarian government’s 13 ministries. 

In total, 795 breaches containing government emails and associated passwords were identified. But most – 641 breaches – were linked to just four central institutions. 

In the examples detailed below, staff have been anonymised. However, Bellingcat has confirmed these accounts are genuine by cross-checking the employees named in the breaches against media reports and online profiles, such as LinkedIn.  

Ministry of Interior – this “super-ministry” oversees everything from health and education to the police, immigration, disaster management and local government 

Bellingcat identified 170 sets of emails and passwords linked to the domain used by the ministry in charge of domestic affairs. Passwords used by staff in this department included “Arsenal” and “Paprika”. Some used passwords that contained only three or four letters. We traced these accounts to professional profiles and government web pages listing both junior and senior staff.

One senior official in the prison service used the password “adolf”. After it appeared in breach databases the password was changed twice – first to a five-digit number and then to what appeared to be the name for a pet dog. The passwords were subsequently breached again. Bellingcat identified this employee through several instances of their name and email address being listed on public-facing documentation, including a press release celebrating an award for outstanding professional work.  

Ministry of Defence – responsible for national defence policy and directing the country’s defence forces

The credentials of staff working for the Ministry of Defence were found in 120 compromised records. This includes a 2023 breach of NATO’s eLearning services which resulted in 42 records containing emails, passwords and phone numbers becoming public.

The breaches peaked in 2021 but continued up to 2026. Included in the data were stealer logs, indicating that machines within the department may have been infected. 

Military personnel from junior ranks to command positions were identified. A Brigadier General used a common six letter nickname, based on his own, to sign up to a film festival. A Colonel specialising in “information security” took inspiration from an English football manager for his password: “FrankLampard”. A district director used the password “123456aA”, while a high-ranking member of Hungary’s delegation to NATO used a password that translates in English to “cute”. 

Ministry of Foreign Affairs and Trade – responsible for international relations, Hungarian embassies and consulates operate under the direction of the department

The credentials of current and former foreign affairs personnel have been exposed in dozens of data breaches from 2011 to February 2026. In total, there were 107 email and password combinations linked to this government ministry. 

Among the staff affected was a deputy head of mission, consuls, diplomats and communications personnel posted in Europe, the Americas and the Middle East. These include a counter terrorism coordinator, an EU spokesperson, and an individual whose role was to identify hybrid threats to Hungary.

Although the breaches peaked in 2020, with emails being found in 42 separate breaches indexed by Darkside, MFA emails have been circulated, often with passwords, in 36 separate breaches since the beginning of 2024. The most recent breaches were in 2026.  

Simple passwords appear to have left Hungary’s foreign affairs ministry vulnerable. In some cases, employees used a password that consisted of their own name and a two digit number. Others appeared to take inspiration from pop culture: “porsche911”, “frogger” and “Batman2013” are examples of real passwords used by staff.

Ministry of National Economy – oversees economic policy and financial strategy, including budget preparation and reducing national debt

Bellingcat’s analysis shows that staff in the Ministry for National Economy suffered 99 breaches. The Ministry of Finance, which was merged into this department in 2025, had suffered 145 breaches.

Among the breached data were the credentials of a deputy state secretary, who used the password “snoopy”. Other staff members used their date of birth or the word “Jelszo” – the Hungarian word for password.

A senior advisor who currently works in the ministry had their credentials breached four times using four different passwords, including “Kurvaanyad1” (roughly translated to “your mother is a wh**e”).

Cybersecurity Not Taken Seriously

Szabolcs Dull, a political analyst and the former editor-in-chief of the independent Hungarian news websites Index and Telex, said the government had failed to prioritise data security. 

“It’s clear from the data breaches that have come to light that government agencies did not take data security seriously,” he said. 

“This suspicion arose even when Russian hackers breached the foreign ministry’s IT system. That is why I believe Hungarian politicians and the public will interpret this new information as a continuation and confirmation of the Russian hacking story.”

Dull added that he was not aware of any investigation having been launched following the 2022 revelations of the Russian hack.

Kata Kincső Bárdos, a cybersecurity expert in Hungary, said it was difficult to understand why stricter controls would not be consistently enforced in government environments handling sensitive data.

She said governments should not only apply baseline rules for passwords – such as that staff use long, unique passwords and multi-factor authentication (MFA) – but also continuously monitor for compromised credentials and suspicious access patterns.

“Without MFA, systems become significantly more vulnerable to common attack methods such as phishing and credential stuffing,” she said. “A single compromised password can provide immediate access to internal systems.” 

Bárdos added that unauthorised access to government systems should automatically trigger incident response procedures, investigation and containment measures.

“It is also important to note that targeting lower-level employees is a well-documented and common tactic,” she said. “Attackers frequently gain initial access through phishing or weak credentials and then move laterally within systems.”

Bellingcat’s Ross Higgins and investigative journalist Eva Vajda contributed to this article.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post ‘Snoopy’, ‘Adolf’ and ‘Password’: The Hungarian Government Passwords Exposed Online appeared first on bellingcat.

Access to open source visuals of the current Iran conflict, which has spread to many parts of the Middle East, continues to be sporadic. Videos and photos from within Iran trickle out on social media as the Iranian internet blackout hinders the flow of digital communication. 

In past conflicts, satellite imagery has provided a vital overview of potential damage to both military and civilian infrastructure, especially when there are digital black spots or obstacles to on-the-ground reporting. But imagery from commercial providers is becoming increasingly restricted, leaving even those who have access to the most expensive imagery in the dark. 

Shortly after the war in Gaza began in 2023, Bellingcat introduced a free tool authored by University College London lecturer and Bellingcat contributor, Ollie Ballinger, that was able to estimate the number of damaged buildings in a given area. This helped monitor and map the scale of destruction across the territory as Israel’s military operation progressed. 

Bellingcat is now introducing an updated version of the open source tool — called the Iran Conflict Damage Proxy Map — focused on destruction in Iran and the wider Gulf region. 

It can be accessed here.

How it Works

The tool works by conducting a statistical test on Synthetic Aperture Radar (SAR) imagery captured by the Sentinel-1 satellite which is part of the Copernicus mission developed and operated by the European Space Agency. SAR sends pulses of microwaves at the earth’s surface and uses their echo to capture textural information about what it detects. 

The SAR data for the geographic area covered by the tool is put through the Pixel-Wise T-Test (PWTT) damage detection algorithm, which was also developed by Ollie Ballinger. It takes a reference period of one year’s worth of SAR imagery before the onset of the war and calculates a “normal” range within which 99% of the observations fall. It then conducts the same process for imagery in an inference period following the onset of the war, and compares it to the reference period. The core idea is that if a building has become damaged since the beginning of the war, then the “echo” (called backscatter) from that pixel will be consistently outside of the normal range of values for that particular area. Investigators can then further probe potential damage around this highlighted area.

The plot below shows how the process was applied to Gaza and several Syrian, Iraqi and Ukrainian cities. The bars represent the weekly total number of clashes in each place, sourced from the Armed Conflict Location Event (ACLED) dataset. The pre-war reference periods are shaded in blue, spanning one year before the onset of each conflict. The one month inference periods after the respective conflicts  began are shaded in orange. The blue and orange areas are what the tool compares. 

The plot below shows an area with a number of warehouses in Tehran’s southwest. Some of the buildings show clear damage in optical Sentinel-2 imagery (something that has to be accessed outside of the tool via the Copernicus Browser). 

Clicking on the map within the tool generates a chart displaying that pixel’s historical backscatter; the red dotted lines denote a range within which 99% of the pre-war backscatter values fall. In this example, we can see that from March 14 onwards, the backscatter values over this warehouse begin to consistently fall outside of their historical normal range. This could signal that damage has been detected in the area.

Two important aspects of this workflow are that it utilises free and fully open access satellite data, as opposed to commercial satellite services; the second is that it overcomes some key limitations of AI in this domain, the most serious of which is called overfitting. This is where a model trained in one area is deployed in a new unseen area, and fails to generalise. Because we’re only ever comparing each pixel against its own historical baseline, we don’t run into that problem. 

Accuracy

The PWTT has been published in a scientific journal after two years of review.  Its accuracy was  assessed using an original dataset of over two million building footprints labeled by the United Nations, spanning 30 cities across Gaza, Ukraine, Sudan, Syria, and Iraq. Despite being simple and lightweight, the algorithm has been recorded achieving building-level accuracy statistics (AUC=0.87 in the full sample) rivaling state of the art methods that use deep learning and high resolution imagery. The plot below compares building-level predictions from the PWTT against the UN damage annotations in Hostomel, Ukraine. True positives (PWTT and United Nations agree on damage) are shown in red, true negatives are shown in green, false positives in orange, and false negatives in purple. The graphic shows the accuracy of the tool, while also emphasising that further checks on what it highlights should be conducted to draw full conclusions.  

It is important to note that just because the tool may show a high probability of a building or buildings being damaged or destroyed, that doesn’t make it definite. 

It is best to check with any other available imagery — either open source photos and videos that’ve been geolocated by a group such as Geoconfirmed or Sentinel-2 as well as other commercial satellite imagery if it’s up-to-date for the area. At time of publication, Sentinel-2 satellite imagery still offers coverage over the area that the tool focuses on. Other commercial satellite imagery providers have limited their coverage.

What the tool excels at is highlighting and narrowing down areas so that further corroboration or further confirmation can be sought.

Testing the Tool

Using the Iran Conflict Damage Proxy Map, we can spot some of the larger areas of potential damage or destruction that have occurred since the Iran war started. 

Starting from a zoomed-out view of Tehran, there are a few spots that appear with large clusters of high damage probability. Cross-referencing these locations with open source map data from platforms like OpenStreetMap or Wikimapia, we can start finding sites that would make for likely targets – such as military sites.

One example of a potentially damaged site visible in the tool is the Valiasr Barracks in central Tehran, which was struck in the first week of the war. By going to the Copernicus Browser and reviewing the area with optical Sentinel-2 imagery, we can see clear indications of damage at the barracks.

IRGC Valiasr Barracks in Tehran:

A large Islamic Revolutionary Guard Corps (IRGC) compound near Isfahan is another example of military infrastructure that is readily visible in both the Iran Conflict Damage Proxy Map as well as Sentinel-2 imagery. 

IRGC Ashura Garrison in Isfahan:

Air bases have also been a frequent target for U.S.-Israeli strikes in Iran. The Fath Air Base just outside of Tehran, near the city of Karaj, shows the signature of potential damage when using the tool. Checking Sentinel-2 imagery shows damage to multiple large buildings on the northern side of the base.

Fath Air Base in Karaj:

The U.S. has stated that destroying Iran’s “defense industrial base” is also a goal, which makes large areas like the Khojir missile production complex east of Tehran a good location to search with this tool. The tool suggests large clusters of damage on both the eastern and western sides of the complex — near areas where solid propellant is reportedly produced and where other fuel components are reportedly made.

Khojir Missile Production Complex outside of Tehran:

Usage in the Gulf Region

While useful for providing a sense of damaged areas in Iran, the Iran Conflict Damage Proxy Map can also be used to see damage outside of Iran, particularly at sites in the region which Iran has been targeting with drones and missiles.

In the below example at Al Udeid Air Base in Qatar, which hosts U.S. Central Command’s Combined Air Operations Center, there is a notable indication of damage over a warehouse-like building at 25.115647, 51.333125. Checking the same location in Sentinel-2 imagery shows that there does appear to be damage at that warehouse — represented by a large blackened area on the white roof. According to Qatar’s Ministry of Defense, at least one Iranian ballistic missile struck the base in early March.

Al Udeid Air Base in Qatar:

Civilian sites struck by Iranian drones or missiles are also visible in the tool — though the damage has to be fairly large in order to be picked up. Something like damage to the sides of high rise buildings from an Iranian drone attack doesn’t readily appear in the tool. Sites that do appear are places like oil refineries, such as a fuel tank at Fujairah port in the United Arab Emirates. 

Fuel tanks at Fujairah Port, UAE:

Accessing the Tool

It’s important to keep in mind that the data for the Iran Conflict Damage Proxy Map is updated approximately one or two times per week as new satellite data is collected by the Sentinel-1 satellite, so it’s not meant to be a representation of real-time damage to buildings. 

Still, it can be useful for researchers to quickly gain an overview of damage throughout Iran and the Gulf where suspected strikes may have taken place and when there is no other open source information available.

You can access the Iran Conflict Damage Proxy Map here.

Similar tools using the same methodology to assess damage in Ukraine following Russia’s full-scale invasion and Turkey following the 2023 earthquake can be found here. The Gaza Damage Proxy Map can be found here. 

Bellingcat’s Logan Williams contributed to this report.

This article was updated on April 7, 2026, to note that Sentinel-1 and Sentinel-2 are part of the Copernicus mission developed and operated by the European Space Agency.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post When Satellite Imagery Goes Dark: New Tool Shows Damage in Iran and the Gulf appeared first on bellingcat.

Bellingcat has identified several high-profile incidents where authorities in the United Arab Emirates have downplayed damage, mischaracterised interceptions and in some instances not acknowledged successful Iranian drone strikes on the country.

A review of official statements shows that the public account does not always align with what can be observed through open sources. This comes as the UAE faces sustained aerial attacks on civilian and economic infrastructure, challenging its image as a secure global hub for business and tourism. Hours after the United States and Israel launched coordinated attacks on Iran on Feb. 28, the Islamic Republic responded by launching an attack against US-allies in the region including the UAE. 

In the wake of the attacks, the UAE’s attorney general warned that publication of images or videos of strikes was illegal. People were also encouraged to report anyone sharing photos or videos of the strikes to authorities. 

The country’s attorney general has ordered the arrest of 35 people and said they would face an expedited trial for “publishing video clips on social media platforms containing misleading, fabricated content and content that harmed defence measures and glorified acts of military aggression against UAE.” Separately police in Abu Dhabi reported they had arrested just over 100 people on suspicion of filming incidents related to Iran’s attacks on the UAE and sharing misleading information online.

Bellingcat contacted the Dubai Media Office, the Fujairah Media Office as well as the UAE’s Ministry of Defence to understand how statements are put out and how distinctions are made between successful drone strikes and damage caused by debris. We did not receive a response by the time of publication.

“Spreading Rumours is a Crime”

During the first days of the conflict several videos were posted on social media, primarily on X, TikTok and Telegram showing footage of Iranian attacks and interceptions across the UAE. 

Around the same time the Dubai Media Office, the X account of the Government of Dubai’s press office, warned followers that legal action would be taken against those sharing “unverified material”.

 The X account of the Dubai Media Office has more than 2.3 million followers making it one of the largest state-run accounts in the country. 

“The public and media are urged to rely solely on official sources for accurate information and refrain from sharing unverified material,” the account posted.

Dubai Police issued similar warnings on social media, stating that sharing content that contradicts official announcements could lead to imprisonment of at least two years and fines of no less than 200,000 dirhams (approximately $55,000).

Despite authorities urging the public to rely on official sources only, Bellingcat found that some of the videos posted online as well as satellite imagery from the region contradicts a number of official accounts of high-profile attacks. For this piece we have only included links to videos that have already been widely published in mainstream news outlets, posted by professional journalists, or have been widely viewed on social media.

Successful Interceptions?

On March 3, a video filmed from a vessel appears to show a drone striking the port of Fujairah, one of the UAE’s most strategically important energy hubs. The port handles roughly 1.7 million barrels of oil per day and is among the world’s largest.

The drone appears to approach its target intact, with no visible sign of interception, Sam Lair, a researcher at James Martin Center for Nonproliferation Studies, told Bellingcat. 

Moments after it descends behind storage tanks, an explosion is heard and a large plume of smoke rises from the site.

On the same day, the Fujairah Media Office stated that a fire resulted from debris following a successful interception, adding that the fire had been brought under control. Satellite images captured on March 4 and 5 show thick black smoke rising from the site. NASA FIRMS data also detected fires on March 3, March 4 and March 5. By March 7, satellite imagery shows at least three storage tanks fully destroyed (25.184565, 56.345481).

Detained in Dubai, a group that provides legal advice to people detained in the UAE, said that a Vietnamese national who filmed the strike on Fujairah port had been detained by authorities after posting the footage online. 

Authorities made a similar report on March 1, stating that a fire at one of the berths of Jebel Ali Port was caused by debris from an aerial interception. Satellite imagery from the same day shows fires at two separate locations – approximately 3 km apart – within the port. One appears to be a central facility associated with fuel handling operations, connected via pipelines to surrounding storage tanks (25.00704, 55.07499). The other is a large structure (24.97953, 55.05204) in the military area of the port, which is one of the US Navy’s busiest ports in the Middle East. The New York Times previously identified an Iranian strike as the cause of the fire at the site. 

Burj Al Arab: A “Limited” Fire

Damage at Dubai’s Burj Al Arab Hotel was attributed by the Dubai Media Office to “shrapnel” from an intercepted drone and described as a “limited” fire. However, footage shows the fire extended to approximately 30 metres in height, covering approximately eight floors of the building, suggesting a far more significant incident than officially described.  

Lair told Bellingcat that the damage appeared more consistent with a direct impact. He added that if the damage had resulted from an interception it would have occurred irresponsibly close to the building.

Fairmont The Palm: Omission of Cause

On Feb. 28, the Fairmont hotel in Dubai’s Palm Jumeirah area was struck by a drone, as shown in footage verified by Bellingcat.

However the Dubai Media office did not confirm a strike took place, instead they stated  only that an “incident occurred in a building in the Palm Jumeirah area,” and urged the public not to share footage.

One video of the fire was shared by a Dubai-based Bloomberg journalist. In the replies to the journalist’s post, multiple users tagged the Dubai Police, a pattern seen across posts documenting the strikes, in an apparent effort to flag violations of the cyber-crime laws to authorities.  

The aftermath of the strike was also captured by a content-creator who has since left the UAE. 

Radha Stirling, founder of Detained in Dubai, told Bellingcat at least five people have been confirmed by the British embassy to have been charged and detained under the UAE’s cybercrime law in connection with documenting this strike. According to Stirling, authorities have sought access to individuals’ phones following incidents to determine whether they filmed or shared footage.

“Even just taking a photo is illegal, it’s illegal to share content that the government deems negative, even in a private message,” Stirling said.

Dubai International Airport: An Unacknowledged Strike

On March 7, the Dubai Media Office announced the temporary suspension of operations at Dubai International Airport, stating only that a situation was being handled under safety protocols. 

Footage that emerged online around the same time, and was verified by Bellingcat, shows a drone strike next to an airport terminal building (25.24165, 55.37498).

Stirling told Bellingcat that she has been in contact with a cabin crew member who was detained after sending an image to colleagues of Dubai airport after an explosion. 

Warda Complex: A Direct Hit

On March 1, a drone struck a residential apartment on the 19th floor of the Warda complex in Dubai (25.004320, 55.293164). Two videos filmed from different angles show the drone hitting the building directly, with no visible sign of interception. In one clip, filmed inside the apartment, a British resident says: “We’ve just been hit by a drone… I didn’t even finish my cup of tea.”

The footage shows relatively limited damage and no explosion, indicating the drone did not detonate. However, the incident appears to show a direct hit by an Iranian drone.

In contrast, statements published the same day by the Dubai Media Office describe air defence activity and attribute sounds heard across the emirate to successful interception operations. Bellingcat was unable to find any acknowledgement of a direct hit in UAE media.

These cases point to a gap between official accounts and observable evidence, raising questions about how incidents are being presented to the public.

Influencers and Narrative Control

At the same time, pro-government messaging has proliferated online. A number of near-identical videos posted by influencers promoting the UAE’s safety and leadership appeared, often using the format: “You live in Dubai, aren’t you scared?” followed by images of UAE leaders and the response: “No, because I know who protects us.” 

Analysis by the BBC found that some of these videos were uploaded within seconds of each other, suggesting coordinated activity.

Stirling told Bellingcat that influencers in the UAE, who require licences to operate, are often paid to promote official narratives. “They are seen as an asset,” she said, describing them as “almost an extension of the government.”

As of April 1, UAE media reported that a total of 12 people had been killed and 190 injured by strikes since the beginning of the war.  

“People are dying. It’s not as safe as the government is reporting. It’s not as safe as influencers are reporting. It’s like a dream narrative that you wish was true.” Stirling said.

Bellingcat also identified a number of incidents in which authorities reported deaths or injuries caused by “debris” following “successful interceptions”. In these cases, however, we were unable to identify supporting photo, video, or other independently verifiable evidence to corroborate the official account.

Notably, fewer videos of such incidents appear to have emerged online in recent weeks, likely as public awareness of detentions under the cyber-criminality law has increased.

Jonathan Dagher, head of the Middle East desk at Reporters Without Borders told Bellingcat that the UAE government was using the Iran war to further restrict independent reporting in the country. 

“When the conflict began, the government stepped up this repression, explicitly prohibiting the public (including journalists) from publishing photos or information related to the strikes, and encouraging the public to report on such incidents.”  

He added that legitimate concerns about national security should not infringe on the public’s right to information. 

“Broad and loosely worded bans on covering events, in the name of security, violate this right and expose journalists to arrest and violence.”

Bellingcat contacted the Dubai Media Office, the Fujairah Media Office as well as the UAE’s Ministry of Defence to understand how statements are put out and how distinctions are made between successful drone strikes and damage caused by debris. We did not receive a response by the time of publication.

Lana Nusseibeh, a representative of the UAE’s Foreign Ministry previously told the BBC: 

“In order for everyone to feel safe it’s important at this time that the information is credible and the sources are reliable. That is the basis of the legislation that has come into play in this State, which is obviously a tense time.” 

She added that her advice for residents, citizens, tourists and journalists in the UAE was to: “Follow the guidelines. The guidelines are there for your safety and for your protection.” 

Merel Zoet contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post The War You’re Not Allowed to See: How the UAE Rewrites the Story of Iranian Strikes appeared first on bellingcat.

This article is the result of a collaboration with Josimar. You can find Josimar’s corresponding piece here.

A European academic used a false name to represent an opaque Asian-facing bookmaker that is sponsoring Croatia’s national football team in the run up to the 2026 FIFA World Cup.

Croatia’s national governing body of football, the Croatian Football Federation (HNS), struck the deal to make gambling website Dragon Z6 the team’s “exclusive betting partner” across Asia in May 2024.

Promotional footage of the ceremony to ink the two-year agreement was filmed in Zagreb, with Croatian national team players Marco Pašalić, Lovro Majer and Josip Juranović in attendance.

A video posted to Dragon Z6’s website shows HNS International’s chief executive Dennis Lukančić and the federation’s head of marketing Ante Cicvarić signing the contract with the bookmaker’s representative.

“We hold Dragon Z6.com in high regard,” Cicvarić said in the clip. “A brand with a 25 year legacy and a stellar reputation for providing an exceptional gaming experience. Their motto, ‘Life is a gamble’, resonates deeply with us.”

Dragon Z6’s representative, who is named on screen and in a placard as “Alexander Smith”, described the deal as a “momentous partnership”. 

He said: “The Dragon Z6.com family proudly welcomes the Croatian national football team. We embark on an exciting journey to realise our shared ambitions.”

But the man who appears in the footage on behalf of Dragon Z6 is not Alexander Smith. He is Branko Balon, a senior lecturer in computer science at Algebra Bernays University in Zagreb. 

The Croatian national was identified using facial recognition search engine PimEyes, with images from his Facebook, university profile and media reports confirming the match.

In addition to his university position, Balon is the president of non-profit group the Croatian-Chinese Friendship Society for Cultural, Scientific and Economic Cooperation (CCFS).

He appears to have visited China on several occasions, including last July when he took part in a visiting scholar programme with the Nishan World Center of Confucian Studies in eastern China’s Shandong province, according to his Facebook posts.

Six months before the signing ceremony with HNS, Balon reportedly addressed a Zagreb sports and tourism symposium whose attendees included representatives from the Croatian Football Federation.

After initially confirming receipt of an email from Bellingcat, Branko Balon did not respond to questions. Dragon Z6 did not respond to multiple emails.

Dennis Lukančić said the Croatia Football Federation respected the rules and regulations of the sport’s governing bodies as well as Croatian law, but did not answer specific questions about how it became involved with Dragon Z6 or if it was previously aware of Balon’s real identity.

“Regarding the signing ceremony, we note that the Croatian Football Federation did not publish or officially communicate the identity of the Dragon Z6 representative present at the event,” he said. “As is customary with such ceremonies, the event itself was of a promotional nature and did not constitute the formal execution of contractual documentation.”

“The Croatian Football Federation is not in a position to comment on the internal decisions, communications, or presentation choices of Dragon Z6, including the use of names or identities in their own materials or appearances. Any questions regarding the identity or representation of Dragon Z6 at promotional events are best addressed to Dragon Z6 or their representatives. 

“In any of our proceedings we always negotiate in good faith and we respect all rights and obligations that arise from any agreement.”

Lukančić said the federation had carried out “standard compliance and due diligence procedures” before entering the deal and that the agreement was executed between the relevant legal entities, with Dragon Z6 “represented by their duly authorised signatories”. 

Asked which country Dragon Z6 was headquartered in, who its beneficial owner was, and for the name of the person who signed the contract on behalf of the gambling company, Lukančić said: “In our previous email we gave you already all answers and our position in this matter.”

We also asked if the Dragon Z6 deal includes sponsorship during the upcoming FIFA World Cup, but did not receive a response. England is Croatia’s first opponent, facing off against the Three Lions in Dallas on June 17.

The Many-Headed Dragon

Open source findings suggest that Dragon Z6 – sometimes referred to in Chinese as “Zunlong Kaisheng” – is just the latest iteration of an Asian-facing online gambling platform that has been sponsoring Western sports teams under different names for more than a decade. Dragon Z6 appears to be associated with the Hong Kong-linked gambling company KashBet, also known as KB88.

Gambling does not occur directly on the Z6.com domain. The site is essentially a gateway that redirects users to a fluctuating number of mirror websites with alphanumeric string domains. These Chinese-language sites host the gambling content, including live-streamed card games, and provide clues about Dragon Z6’s association with KashBet.

The image of Dutch former professional footballer Robin van Persie is featured prominently on Dragon Z6’s mirror sites. In the “About” section of these websites, the online casino says it signed van Persie as its brand ambassador in 2021. The same photograph of him is used interchangeably to promote both Dragon Z6 and the KashBet brand.

Van Persie’s agent, Kees Vos, said the footballer had not entered into a partnership with Kashbet, was not involved with Dragon Z6, and had not been aware that his image was being used on these websites.

Related articles by Bellingcat

Europe

Stream Teams: Battery Farming Sport For Bets

“We have taken notice of the abuse of the image of our client Robin van Persie by several Asian gambling platforms, and we will instruct our lawyers to take legal action against these parties,” Vos said.

Z6’s mirror sites also say Zunlong Kaisheng is the “official sponsor” of Bundesliga clubs Bayer Leverkusen and Augsburg, Brazilian side Fluminense, Italian club Roma, English league team Wigan Athletic and Dutch club Ajax. 

However, it was KashBet that signed sponsorship deals with these football teams in 2017 and 2019. No record of a sponsorship with FC Augsburg was found, but KB88 was promoted in pitchside advertising during one of the team’s 2019 home games.

In 2019, Australian football team Melbourne Victory dropped their AFC Champions League sponsor “Kaishi Entertainment” after concerns were raised about the company’s link to Kashbet. 

KashBet’s representative at the signing with Bayer Leverkusen was the same person who represented Kaishi Entertainment during the Melbourne Victory announcement in the same year.

A YouTube channel branded as “Zunlong Kaisheng” and featuring the Dragon Z6 logo hosts a 2024 video titled “Welcome to Dragon Casino”. It shows a tour of a facility where female croupiers are live-streamed operating table games. 

The video also features framed photographs purporting to show various ceremonies. These include the KashBet image of van Persie, as well as club teams AS Roma and AFC Ajax’s Asian betting partnerships with KB88 in 2017. Another photo claims to show former Real Madrid, Chelsea and Belgium footballer Eden Hazard becoming a Dragon Casino “brand ambassador” in 2020.

Bellingcat’s emails to representatives for Eden Hazard, who was recently announced as a “global ambassador” for online gambling platform Stake, were not returned.

The location of the facility is not stated but open source evidence shows it was filmed in the Philippines, where offshore gaming operators were banned in 2024. Reverse image searches confirm one section of the promotional video was shot in the five-star Peninsula Hotel in Makati City, Manila.

Offshore Corporate Labyrinth

Dutch club Ajax, who were sponsored by KB88 in 2017, said their deal involved Hong Kong firm KB88 Entertainment Culture Limited. A company based in the British Virgin Islands is also behind trade names linked to KB88, according to a 2023 investigation by Dutch outlet NRC. But the entities purportedly in control of the gambling platform do not stop there.

Dragon Z6’s site links to a 2012 statement posted by English Championship club, Queen’s Park Rangers (QPR), announcing a one year deal to make KashBet the club’s international betting partner. The press release, which was removed from QPR’s website earlier this year, said KashBet was “fully owned and operated by Keen Ocean Entertainment (IOM) Limited” and licensed and regulated by the Gambling Supervision Commission (GSC) on the Isle of Man.

Records from the Isle of Man company registry show a company named Goldenway Investments (UK) Limited was incorporated in 2010 and changed its name to Keen Ocean Entertainment (IOM) Limited a month later. The company’s two directors were all residents of the Isle of Man, adding Hong Kong resident Yong Tang as the third director in November of that year. A company acting as the secretary, Rivercroft Limited, is also named in documents.

An archive of the Isle of Man’s Gambling Supervision Commission’s 2012-13 annual report shows that Keen Ocean Entertainment obtained a full online gambling license. This enabled it to enter into the QPR deal as the regulated body behind Kashbet.

Filings on the Isle of Man register are low on detail. Balance sheets are not filed, and the only documented activity about the company was the occasional movement of Isle of Man-based directors. By November 2015, Yong Tang was the sole director of the company. 

In 2016, Keen Ocean Entertainment was informed by the Companies Registry that it did not have the authority to maintain its registered office at the address it had given as its premises. Yong Tang did not respond to this correspondence, according to the available documents, and the company was subsequently struck off the register.

Gaming Compliance International (GCI), a regulatory intelligence firm that monitors the global online gambling market, said Dragon Z6 and KashBet did not have a current gaming license in any credible jurisdiction.

Ismail Vali, GCI president and the founder and former chief executive of Yield Sec, which tracks gambling and streaming marketplaces, said Dragon Z6 “ruthlessly” targeted audiences in China – where gambling is illegal – but that did not mean the operators were based there.

“Generally, in the illegal gambling model, they use triangulation and separation,” he said. “It’s the most basic form of organised crime: operate your business in one place, incorporate your business in another, make your money from many places, bank your money in many places, and, finally, invest and spend it everywhere to create more crime. Separating the elements of the illegal activity creates problems for tracing, policing and enforcement.”

Vali said Western football associations that are struggling to operate on shrinking budgets could be lured into sponsorship deals with unregulated and illegal gambling companies, which were focused on building brand recognition through live-broadcast games.

“The illegal gambling companies aren’t focused upon making money from the direct audience of the clubs or from the football association’s footprint in Croatia,” he said. “What they are making money from is the audience the football matches are broadcast to globally. They want to communicate what the brand is and because it’s associated with international soccer people think it must be trustworthy.

“The whole point here is to recruit you through sports. That’s the cheapest way to get you interested because you want to place a bet on Croatia versus the Czech Republic in the World Cup qualifiers. Once they recruit a customer cheaply via sports events, they can then cross-sell or migrate them into casino and more products – where the profit margin is far higher.

“Unregulated gambling companies want a blended customer – they don’t just want you for sports betting, they want you for everything.”

Ross Higgins and Connor Plunkett contributed to this article.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Croatia’s Football Team Signed Deal With Gambling Sponsor Whose Rep Used Fake Name appeared first on bellingcat.

The video posted by a state branch of India’s ruling Bharatiya Janata Party (BJP) showed Assam chief minister Himanta Biswa Sarma shooting an image of two men in Muslim skull caps. “Foreigner-free Assam”, read one caption across the video. “Why did you not go to Pakistan?” said another. 

One of the men in the photo that Sarma was portrayed as shooting was Gaurav Gogoi, a leader of the Indian National Congress (INC), the BJP’s main competitor in Assam for the state’s upcoming legislative elections next month. 

Gogoi has stated that he is Hindu but enjoys visiting different religious sites and observing their norms. He has been photographed wearing traditional Muslim attire during religious occasions such as Eid. 

But the image of him in the video shared by BJP Assam, wearing a casual singlet with a skull cap, was not one of those occasions. 

Bellingcat has seen several dozen videos posted by the BJP that use generative artificial intelligence (AI) alongside anti-Muslim and anti-Bangladeshi messaging in the border states of Assam and West Bengal in December last year, ahead of legislative elections scheduled in both states for April.

Bellingcat analysed 499 social media posts containing photos and videos shared on Facebook, Instagram and X by the BJP’s official accounts in the two states for this time period, finding 194 posts that appeared to meet the United Nations’ definition of hate speech: discriminating against persons or communities based on inherent characteristics such as religion and national origin. Of these, 31 (about one in six of the hateful posts) contained the obvious use of AI-generated imagery. 

These appear to be part of a larger pattern of politicians and parties globally using generative AI to amplify hateful or divisive content, particularly ahead of major political events such as elections. 

Ahead of the New York City mayoral race last year, Andrew Cuomo’s official X account shared, then deleted, an AI-generated video depicting Mamdani eating rice with his hands and a Black man in a keffiyeh shoplifting. In Italy, several opposition parties complained to a communications watchdog after deputy prime minister Matteo Salvini’s League party published a series of AI-generated images depicting men of colour attacking women or police officers. And in the UK, videos by an AI-generated rapper funded by the far-right Advance UK party, with lyrics targeting Muslims, were viewed millions of times. 

A Campaign of Hate

Both Assam and West Bengal share a border with Bangladesh. BJP, the world’s largest political party, is currently in power in Assam, where legislative elections are scheduled on Apr. 9. West Bengal, which goes to the polls on Apr. 23, is governed by the Trinamool Congress (TMC).

Tensions between India and Bangladesh worsened after former Bangladeshi Prime Minister Sheikh Hasina, who enjoys close ties with Delhi, was ousted in 2024 and fled to India. 

US-based international affairs expert Mohammed Zeeshan told Bellingcat that the “dehumanising and debasing” terminology used in India to refer to alleged illegal Bangladeshi immigrants, including by senior ministers, has caused resentment towards India in Bangladesh. 

“The situation, in fact, was so bad that Hasina herself had subtly warned the Modi government in public statements that Indian domestic rhetoric was endangering Bangladeshi Hindus, who bore the brunt of that resentment,” Zeeshan said. 

Related articles by Bellingcat

Asia-Pacific

The Fall of Sheikh Hasina: Footage from the Streets of Bangladesh

Zobaida Nasreen, a professor of anthropology at Dhaka University, said that anti-Muslim rhetoric intensified by BJP leaders reinforces the belief in Bangladesh that Muslims and Bengalis are being collectively targeted in India.

“Viral videos containing this message tend to spread quickly across Bangladeshi media and social platforms especially on Facebook, enhancing perceptions of hostility and triggering anti-India sentiment or nationalist backlash,” she added.

In December, the month our dataset was collected, Dipu Das, a Hindu garment worker, was beaten to death at an anti-India protest in Bangladesh over allegations that he had made derogatory remarks about Islam. 

And while the administration led by Bangladesh’s newly elected leader Tarique Rahman has sought to reset strained ties, most of the hateful social media posts we saw posted by the BJP in December attacked Bangladeshi Muslims and/or Bengali-origin Muslims in India, showing how tensions between the two countries continue to influence political messaging in India’s border states.

Bellingcat’s analysis included a total of 202 posts by BJP Assam and 297 by BJP’s West Bengal branch on their official accounts. We also looked at posts shared by BJP’s main opponent parties – 194 from INC in Assam and 357 from the TMC in West Bengal – during the same time period in December. 

This included all visual social media posts (containing photos or videos) by each party in December, except those that did not appear to contain any overt political messaging, such as those simply commemorating public holidays. We only counted each photo or video once, regardless of how many platforms it was shared across. 

Although all of the major parties contesting in the Assam and West Bengal state elections appeared to use AI-generated imagery in some of their posts, there appeared to be a particularly high concentration of hateful messaging in the ones posted by the BJP’s accounts. 

In Assam, we identified 28 posts by BJP using apparently AI-generated imagery, of which 24 carried hateful messaging. Of the 194 INC posts we looked at from December, 41 appeared to feature AI-generated imagery, but none of these appeared to carry hateful messaging. 

In West Bengal, we found 14 BJP posts that contained clear indicators of AI-generated imagery, seven of which were hateful. We also identified 15 posts by the incumbent TMC that appeared to feature AI imagery, but none of these appeared to meet the definition of hate speech. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

When contacted for comment, BJP Assam spokesperson Rupam Goswami did not directly respond to questions on the party’s general use of AI but said they did not post any AI-generated photos of Gogoi. “BJP does not stoop so low,” he told Bellingcat.

As for the “point blank” shooting video, Goswami initially said the person responsible had been punished and removed from the party. However, when asked about Sarma saying that he would re-post the video with those he was depicted shooting labelled as “Bangladeshis”, Goswami said, “[Bangladeshis] need to be completely suppressed.”

BJP West Bengal did not respond to multiple requests for comment by Bellingcat via phone and email.

It is important to note that as generative AI technology improves, it can be increasingly difficult to detect AI-generated imagery. Our manual count of AI-generated imagery only included posts that had obvious signs of generative AI such as unnaturally smooth textures and multiple people with the same faces. It is therefore possible that there were other images in our dataset where generative AI was used more subtly. 

However, Joyojeet Pal, Professor of Information at the University of Michigan, told Bellingcat that the quality of these visuals, or whether they looked real, was not the priority. 

“What politicians in India have understood is that the sociocultural drivers of misinformation are most important for elections, so they harp on about things to the extent that they have started to not care about form over substance. It looks bad? It doesn’t matter,” he said.

More important to voters, according to Pal, was whether they already believed in the narrative contained in the videos, which generative AI could help create more quickly: “AI is helping cement polarised opinions by giving you the kind of content you have already decided you want to engage with.” 

When asked about INC’s use of AI, party spokesperson Aman Wadud said that it was obvious that some of the videos they posted were made with AI and that there was no intention to mislead. 

“AI can be both destructive and creative. We are using it in a creative manner, we are not using it in a destructive manner. We don’t violate people’s dignity, we don’t falsely accuse people,” he said.

TMC did not respond to Bellingcat’s multiple requests for comment via phone and email by publication time.

Portraying Bengali Muslims as ‘Foreigners’

The largest category of hateful messaging Bellingcat observed in the BJP’s posts targeted Bangladeshi or Bengali-origin Muslims, referring to them as “infiltrators” or “foreigners”. We counted 66 such posts by the BJP’s Assam and West Bengal branches from December, of which eight appeared to contain obvious AI-generated imagery. 

Bengali-origin Muslims are often stereotyped as “illegal immigrants” in the state, although members of the community have lived in India since the late 1800s. 

Last year, the BJP deported thousands of alleged undocumented migrants – reportedly including Indian Muslim citizens – to Bangladesh. Human rights groups have called the deportations unlawful and discriminatory, as well as lacking in due process. 

One video referencing this theme shows AI-generated visuals of protests against “illegal infiltration” in Assam, with the caption urging people to “wake up” or the country would “turn into Bangladesh”. 

A different one uses real footage from past violence in Assam mixed in with images of Muslim men. A song playing in the background accuses them of taking over “Assamese land” and shows AI images of “Assamese” people, i.e. those not in stereotypical Muslim clothing, crying.

Both videos use religious markers to draw a distinction between “infiltrators” – men in skull caps or lungis associated with Bengal-origin Muslims – and “citizens” in non-Muslim attire. 

Clothing is often used by the Hindu far-right as a visual shorthand for identity and a deepening religious divide. In 2019, Prime Minister Narendra Modi said of protests against a controversial citizenship law that those responsible for violence could be “identified by their clothes”. 

In the hateful posts seen by Bellingcat, both real and AI-generated images of opposition figures – particularly Gogoi – were shown alongside messaging that suggested that they supported “foreigners” or “infiltrators”. 

The Center for the Study of Organized Hate (CSOH) also noted, in a 2025 report on AI-generated imagery and Islomophobia in India, that Hindu far-right politicians and media outlets have invoked and reinforced the trope of Muslims as “infiltrators” for years. 

“AI-generated images on these themes reinforce associations between Muslim identity and illegality, reinforcing xenophobic and Islamophobic stereotypes. In doing so, they play a powerful role in justifying exclusionary policies and normalising discrimination against Muslims,” the report said. 

‘Save Hindus’

Zenith Khan, a data analyst who worked on the CSOH report, noted that AI-generated propaganda was often tightly knit with current political moments, and its impact depended on “timing it right” especially when “people are emotionally charged”. 

The violence against the minority Hindu community in Bangladesh has been used by the BJP to raise concerns over the safety of Hindus in India. 

Days after Das’ lynching, the Assam state branch of BJP posted a video with an image of his face – except that it was manipulated with AI to show tears streaming from his eyes. “Save Hindus”, said the text accompanying the video. 

Posts by BJP’s West Bengal unit also seemed to frame Muslims as criminals or threats. A video, styled after the TV show “Stranger Things”, raised alarms over an “upside down” version of the state under the current government. 

A man is depicted being chased by men in skull caps. Arrows label them as “Ralib,” “Galib,” and “Chalib” – a play on Muslim names ending in “-lib” – in case the skull caps left any ambiguity about their Muslim portrayal. 

INC filed a police complaint in September last year against the BJP for sharing AI videos targeting Gogoi and the Muslim community, as well as another complaint in relation to the video of Sarma portrayed as shooting two men “point blank” in February. 

INC Assam spokesperson Wadud said that no action had been taken on the party’s police complaints as far as he knew. 

Disinformation researcher Bharat Nayak told Bellingcat that it has always been tech platforms’ responsibility to control new types of content. 

“The goal post can’t shift. This has always been a tech problem,” he said. 

When this responsibility is shrugged off, Nayak added, the result is a lack of accountability. “If you’re using old videos from other countries as new, you will have people countering you. But AI-generated videos can be shared without context just to spread hate – like showing people in skull caps – and the ‘when, where, how’ questions vanish.”

Both Meta – which owns Facebook and Instagram – and X have policies against hateful conduct. 

Meta also announced in 2024 that it would start adding “AI info” labels to more content detected as AI-generated, while some X users spotted a similar feature introduced on the platform last month. Only five of INC’s AI visuals that we identified – and none of those by TMC or the BJP – had a disclaimer that said “AI-generated”. 

Bellingcat reached out to Meta and X for comment on whether the posts we identified breached their terms of use regarding hateful conduct or labelling AI-generated posts. A Meta spokesperson said they were reviewing the flagged content and “will take appropriate action on any violations of our policies”. As of publication, X had not responded.

Kalim Ahmed from Bellingcat’s Discord Community contributed research to this piece.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post How India’s Ruling Party is Using AI to Boost Hate Speech in States Near Bangladesh appeared first on bellingcat.

Since launching the military campaign against Iran on Feb. 28, the US and Israel have dropped thousands of bombs on the country. Videos of explosions have become a source of misinformation and misunderstanding, with many of the strikes incorrectly attributed to a particular munition and many explosive effects – seen in footage and images – falsely attributed to “mystery” or illegal weapons.

Take the below post that initially suggested (although it said more analysis was required) that the US may have used a nuclear weapon in Iran, an outlandish and clearly incorrect claim that experts Bellingcat spoke to had little time for.

IMPORTANT UPDATE AND NOTE: The following is not a complete assessment and I require more data to verify first use. This is a surface level observation but it must be noted.

The US used what appears to be, without additional details, a nuclear weapon on Iran delivered by a… pic.twitter.com/7ucJNdGyNi

— Korobochka (コロボ) (@cirnosad) March 11, 2026

The post, set to private after the publication of this guide, appeared to suggest that a nuclear explosion happened in Iran. Source: X/cirnosad

“The video does not show a nuclear explosion—something that I am astonished even needs to be clarified,” Dr NR Jenzen-Jones, Director of Armament Research Services, a weapons intelligence consultancy, told Bellingcat.

Mushroom clouds can form when explosions produce hot gases that quickly rise and encounter resistance from denser, colder air. (Clouds created by nuclear weapons can also vary significantly in appearance.)

“Certain types of explosive munitions, such as those working on the fuel-air explosive (FAE) and thermobaric principles, are particularly poorly understood by non-specialists. As a result, these and other types of munitions are routinely misidentified,” Jenzen-Jones said.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Often posts about explosives are incorrect or inaccurate because of a lack of knowledge about how explosives work, but in other cases misinterpretations are deliberate. Joe Dyke, director of programmes at Airwars, told Bellingcat that deliberate disinformation that shifts responsibility of a strike is the most common they see, with posts often sharing flimsy but “scientific sounding” analysis.

Better understanding explosives can make it easier to identify misinformation surrounding explosions. 

This guide explains explosives, their characteristics and the impact they have on people and infrastructure. We highlight the differences between thermobaric and Dense Inert Metal Explosives (DIME), two types of explosives that are frequently the subject of misinformation.

What Are Explosives?

Explosives are energetic materials capable of causing death and destruction through a rapid release of energy. The blast creates pressure waves emanating from the epicentre. These waves can directly kill or injure people and shatter objects into lethal fragments.

High explosives are typically used in warheads and shells; they differ from low explosives which are often used in rocket propellants. The supersonic speed of the explosive reaction- classified as detonation- also separates the two kinds of explosives. During detonation, temperatures can rise above 3,000 °C, but only briefly and very close to the reaction zone, Dr Sabrina Wahler, a Postdoctoral Scholar at the California Institute of Technology focusing on research of detonation products told Bellingcat.

The detonation creates a shockwave, which is a visible wave or bubble in high speed videos. The shockwave impacts people and objects before the sound of the blast can be heard.

The shockwave is the result of the pressure pushing air away from the blast in the positive phase. When the air rushes back in the negative phase, it creates a suction effect.

The shockwave arrival time, combined with a known distance, has been used to estimate the explosive weight of blasts, including the Beirut explosion in 2020.

Reactive materials, such as aluminium powder, are often added to explosives to improve performance. These metals react with the gaseous products from the detonation, resulting in increased energy output, Jacqueline Akhavan, a Professor of Explosive Chemistry at Cranfield University, told Bellingcat.

Sometimes, reactive metals such as aluminium from the explosive composition can be seen burning outside the fireball, indicating an explosive with reactive metal.

The size of a fireball does not necessarily indicate the blast’s power. In movies and airshows, a “Hollywood shot” involves igniting large amounts of gasoline with small amounts of explosives, creating spectacular fireballs with minimal pressure.

Thermobaric, and dense inert metal explosives (DIME), are other types of explosive compositions where metals are added to modify specific effects.

Thermobaric Explosives

In January 2024, after an attack in Gaza, social media posts appeared claiming that thermobaric explosives “literally sucks the air out of the children’s lungs and causes them to internally explode”. According to an article by Dr Rachel Lance, a biomedical engineer specialising in patterns of injury and trauma from explosions “there is no evidence that thermobarics pull the air out of the lungs”. 

There were also claims that thermobaric weapons incinerate people. According to a report by the Armament Research Services, the effects of this type of explosion “are of the same nature as those expected from a conventional high explosive”. The only difference is that the duration of each effect is likely to be longer from a few milliseconds to tens of milliseconds and in a pressure wave with a lower peak.

This occurs because thermobaric explosives add a significant amount of fuel or reactive metals to the explosive composition. Some of the fuel burns after detonation. These munitions are effective against cave or bunker systems, as the pressure wave can travel further throughout the structure.

Visual differences can indicate the types of explosives used. Even within the same category, explosives may appear different because of variations in chemical composition, conditions where the explosion occurs, and video quality.

TÜBİTAK SAGE’den yerli termobarik patlayıcıda yeni bir adım daha!

Kapalı alanlarda yüksek darbe ve sıcaklık etkinliğine sahip yeni bir termobarik patlayıcı

TENDÜREK’ten sonra KOR ile geleneksel patlayıcılara göre 4 kat daha yüksek sıcaklık etkinliği pic.twitter.com/N4yZ8YvMi9

— TÜBİTAK SAGE (@SageTubitak) March 5, 2020

Comparison of KOR, a thermobaric explosive, and TNT, in a test by TÜBİTAK SAGE, a Turkish Defense Research Organization. Source: X/TÜBİTAK SAGE.

Many countries, including the US, Russia, China, Ukraine, Iran and Turkey, use enhanced blast and thermobaric explosives. Russia has used them in Ukraine and Syria. Israel uses munitions that have variants featuring thermobaric warheads, but the use of thermobaric explosives has not been confirmed.

Fuel-air explosives are similar to thermobaric explosives, but function differently. Both are volumetric weapons, but fuel-air explosives disperse a cloud of fuel, then the explosion occurs.

Dense Inert Metal Explosives

Unsubstantiated claims of DIME munitions have regularly surfaced since 2006, when they were first alleged to have been used in Gaza. Similar claims have reappeared in Gaza since the war began on Oct. 7, 2023. 

Dense Inert Metal Explosives (DIME) are typically used in munitions intended to reduce civilian harm. Non-reactive metals, like tungsten, added to the explosives reduce the area impacted by the blast, but increase the power. Often munitions filled with DIME replace steel casing with carbon fibre to reduce fragmentation.

Some sources refer to DIME as a multiphase blast explosive, a term that also covers some explosives with reactive metals. Photos from testing show mannequins near the blast coated in tungsten powder.

Some claims of DIME use in Gaza mention the presence of powder or microscopic shrapnel found on victims. “Peppering” and “tattooing” are mentioned (warning: graphic content) as common injuries in blast victims, where the explosion propels small debris like sand into the body, along with fragments of various sizes.

The US Air Force has accepted delivery of at least 500 DIME-filled GBU-39A/B bombs, and has used at least 23 in combat. No transfers of GBU-39 A/B FLM bombs from the US to any other country, including Israel, have been reported, and a Bellingcat analysis of GBU-39 strikes in Gaza between October 2023 and January 2026 did not find any evidence of this variant being used.

There is currently no conclusive evidence that militaries aside from the US have used DIME in combat.

Clues From Clouds

Clouds, and the colours of the smoke can provide clues about the type of explosive. However, chemical composition, environmental conditions, and location can all affect how explosions appear. 

Clouds

This footage, originally posted on social media in November 2025, shows an explosion in Gaza.

The Israeli army launched thermobaric and pressure bombs, supplied by the United States, on Gaza. These bombs, which burn at a temperature of 3,500 degrees Celsius, are capable of killing thousands in seconds, leaving no trace. pic.twitter.com/pZhoIfsazP

— China pulse (@Eng_china5) February 12, 2026

Video of an explosion in Gaza, falsely attributed as a thermobaric weapon. Source: X/@Eng_china5.

The visible cloud in the video is a condensation or Wilson cloud, caused by an explosive shockwave interacting with humid air. This same effect is visible in videos of the Beirut explosion in 2020, when ammonium nitrate exploded at the port after a fire.

Another view of the explosions in Beirut pic.twitter.com/efT5VlpMkj

— Borzou Daragahi (@borzou) August 4, 2020

Video of the 2020 Beirut ammonium nitrate explosion. Source: X/Borzou Daragahi.

Smoke colours

Colours in the smoke of an explosion can help identify the gases, which in turn can help identify the explosive material, Dr Rachel Lance told Bellingcat. “Yellow, orange, and red tones each indicate the presence of specific chemicals.” 

Black smoke means “the bomb produced a lot of fire and inefficiency, because materials burned instead of detonated, and was probably a homemade or improvised explosive”. White or light grey smoke indicates “an efficient detonation, and that tells us it was a pure, high-grade material inside,” Lance said.

Some munitions, like cruise or ballistic missiles, may have efficient high explosives, as well as low explosive propellants or fuel. The area targeted, such as buildings, may lead to dust or debris that obscure the gases created by the explosion. 

In some cases, multiple bright fireballs are launched into the sky, accompanied by a rapid humming or throbbing sound and bright flashes. This typically happens when solid-fuel rocket motors, like those in air defence or ballistic missiles, are burning or exploding.

Major secondary explosions after a U.S. airstrike in the vicinity of Higuerote Airport in Venezuela tonight. pic.twitter.com/NrFOVj9IfM

— OSINTtechnical (@Osinttechnical) January 3, 2026

Venezuelan Buk Air Defense System rocket motors ‘cooking off’ after being targeted by US strikes in Jan. 2026. Source: X/Osinttechnical.

Geolocation

Geolocation of the explosion site can help identify or rule out potential explanations. Large explosions can be caused by much smaller bombs hitting storage sites or production sites for ammo. The geolocation of the video below indicated that the location hit was a storage area for missiles.

Qom today looks like it was hit by a GBU 57 bunker buster.

The GBU 57 Massive Ordnance Penetrator is a 30,000 pound bunker busting bomb designed to penetrate deep underground before detonating. pic.twitter.com/d4bGJ19nQb

— Open Source Intel (@Osint613) March 11, 2026

Video shared by a user claiming this video shows the use of a GBU-57 “Massive Ordnance Penetrator”. A now-suspended user claimed the video showed the “Mother of All Bombs”. Source: Osint613.

Blast Effects on People

Misinformation regarding blast effects on people might lead to reports of harm to be wrongly dismissed or false claims about mystery weapons to spread.

In February 2026, claims of “vaporisation” or disintegration of people due to thermobaric weapon explosions appeared online. Days later, counterclaims argued that explosives can’t “disintegrate” people and thermal effects were not responsible.

According to multiple studies, even less powerful explosives can cause disintegration. When explosions occur in enclosed spaces, such as inside a building, they reflect shock waves, leading to increased blast effects.

Blast injuries are generally classified into four categories, based on what mechanism is causing the injuries.

The primary effect, the blast itself, “puts tremendous strains on human tissue, causing them to rip and tear, both internally and externally, so massive internal bleeding can occur,” Brian Castner, a weapons investigator for Amnesty International, told Bellingcat.

Primary injuries can lead to a variety of symptoms, including vertigo, vomiting blood, and bleeding from the ears. A viral post shared by the White House Press Secretary claimed to be firsthand testimony from a Venezuelan security guard following US strikes in Venezuela. The post alleged that the US used a sonic weapon without any supporting evidence, and the symptoms described are typical of primary blast injuries.

The secondary effect results from the metal fragments of the munition. Some weapons are specifically designed to break into uniform small pieces, Castner said. “Even small fragments, the size of a bullet, can break a bone, since the metal is flying through the air so quickly,” the weapons investigator explained.

Even single fragments can injure or kill people hundreds of metres away from a blast. People close to it may be largely disintegrated, often described (warning: graphic content) as “total body disruption” in Forensic Medicine.

“Combined, these blast and fragmentary effects can do horrific damage to the human body, and if a person is close enough to a large munitions detonation, leave little trace they ever existed,” Castner told Bellingcat.

A recent Bellingcat investigation into three specific US-made munitions used in Gaza found videos showing small pieces of human bodies consistent with total body disruption, at several different strikes within the dataset.

Explosions can also cause burns or thermal injuries. Temperature is not the most relevant factor, because “by the time a human body is exposed to the temperatures of a burning explosive, people will have severe trauma and death,” Dr Lance told Bellingcat.

In many real-world cases “the blast pressure reaches farther than the thermal flash,” Dr Sabrina Wahler said. “The thermal danger becomes much larger and longer lasting when the explosion occurs in a confined space, when the formulation supports continued burning with air, or when the detonation triggers secondary fires that keep generating heat well after the initial blast,” she noted.

Flash burns are often seen on exposed parts of the body close to the blast (warning: graphic content). Explosions that start fires or contain incendiary materials can result in severe burns.

Are These Explosives Legal?

Misinformation often raises questions about legality, with false claims that specific weapons are inherently illegal or misrepresenting how they work. This is one of the reasons that nations conduct legal reviews of new weapons, Michael Meier, a former Senior Advisor to the Army Judge Advocate General for Law of War, and current Adjunct Professor at Georgetown University Law Center, told Bellingcat.

Thermobarics and DIME are legal if their use complies with specific principles of international humanitarian law (IHL) and the law of armed conflict (LOAC), such as proportionate and discriminate use, experts told Bellingcat.

“Even lawful weapons can be used in an unlawful manner”, Michael Meier said. One example is when they are directed against civilians or when they are used in a manner that breaches the principles of distinction or proportionality, he explained.

“The law’s ability to prevent harm is constrained by the compromises between military necessity and humanity made in its creation,” Dr Arthur van Coller, Professor of International Humanitarian Law at the STADIO Higher Education and a legal expert on thermobaric explosives, told Bellingcat.

“As a result, weapons that cause immense destruction may remain lawful (even nuclear weapons) if they fit within legal definitions, even when their humanitarian impact is severe,” van Coller explained.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Explosive Misinformation: A Guide to Mushroom Clouds, ‘Sonic Weapons’ and Disintegration appeared first on bellingcat.

Bellingcat has geolocated and verified two new videos showing the deadly strikes that hit an Iranian Revolutionary Guard Corps (IRGC) compound as well as an adjacent school in the city of Minab in late February.

The new videos were released by Iran’s Ministry of Foreign Affairs and show multiple missiles hitting the complex. 

One of the new videos shows the area around the school being struck while the other shows a nearby IRGC clinic and two buildings within the IRGC facility being hit by Tomahawk missiles. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Visual and solar analysis of the videos appears to show there was a time gap between when each was filmed, suggesting that there were at least two waves of strikes carried out in the area. 

Applying the same solar analysis techniques to social media footage that showed the school after it had been hit indicates the school was impacted during the first wave of strikes.

Previous investigations by Bellingcat and other news organisations showed a US Tomahawk missile struck the IRGC facility on Feb. 28. 

The US is the only party to the conflict to possess Tomahawk missiles.

Media reports, including from the New York Times and Reuters, have since detailed that a preliminary investigation by the US military concluded it was likely a US strike that hit the Shajarah Tayyebeh elementary school.

According to Iranian media, at least 175 people were killed in the attack, including children.

Analysing New Minab Videos

The first video (video one) is filmed from just over 2.5 kilometres (1.5 miles) away from the IRGC base and shows at least 10 missiles impacting the area over a period of 50 seconds.

The first explosion is visible five seconds into the video. The area around where the school was located is struck at 14 seconds. This is the fourth explosion visible in the footage.

Another structure that was damaged in the strikes is situated approximately 100 metres away from the school in the same general area. It was therefore not possible to determine which exact structure was hit from this footage alone.

The second new video (video two) was filmed approximately two kilometres southeast of the school, and is of a higher quality than video one. This video shows three Tomahawk missiles in the moments before impact.

Video two includes annotations and pauses when each Tomahawk appears on screen. 

A frame-by-frame analysis also shows what appear to be two minor visual glitches where some frames are transposed and annotations were added, highlighting when missiles can be seen.

The second impact seen in video two is the same as seen in footage released by Iranian media in early March, and previously reported on by Bellingcat and others, only from a different perspective.

Video two also only shows the southern part of the base, with its northern section not visible. The school is located on the northern edge of the base and is therefore not visible in video two.

Bellingcat asked the Iranian Ministry of Foreign Affairs why only part of the strike, as seen in video one, was released and if there was a longer version that may show further impacts. We did not receive a response before publication.

Bellingcat also asked the US Department of Defense whether it had any further information on the strike since its reported preliminary findings. It referred us to CENTCOM, which said: “We have nothing for you on this. The investigation is still ongoing.”

Geolocating the Videos

Bellingcat was able to geolocate and verify video one by tracing sightlines on satellite imagery to determine the camera’s location and identify objects such as buildings, trees and a water tower within the IRGC facility. 

According to this analysis, video one was most likely filmed from an electric substation southeast of the school.

Once all key elements were identified and geolocated, we analysed each explosion that can be seen in the footage. 

Fourteen seconds into video one, the fourth impact appears to hit the area immediately around the school, which was approximately 200 meters behind a water tower. 

While the school was walled off and outside the IRGC facility, the water tower and another building (situated between the school and the water tower) are located within it.

Due to the relatively small distance between the school and the other IRGC building (roughly 100m), it was not possible to determine what structure was hit at the moment of the strike visible in video one.

More information, such as obtaining the entire strike video sequence, would be needed to fully determine which structure was hit in this footage. However, social media footage captured at the scene does suggest that the school was hit around this time.

For video two, we stitched together a rough panorama of what could be seen in the footage. 

This made it possible to match up multiple buildings visible southeast of the IRGC base and school, while also building rough sightlines to show which part of the base was being filmed.

Bellingcat was able to narrow down the areas hit by the three missiles seen in video two by comparing it with the point of view of a short video released in early March, showing a Tomahawk hitting the complex, as well as with what could be seen in video one. Post-strike satellite imagery also helped confirm the buildings that were hit in the footage. 

We were thus able to determine that video two shows an IRGC clinic and two buildings within the IRGC compound being hit.

Time of the Strikes

The Iranian Ministry of Foreign Affairs has claimed that two waves of strikes occurred. 

Initial analysis did suggest that video one and two appeared to be filmed at different times as the strikes visible in each clip cannot be synced up. 

Solar data also gives clues as to the time each was taken, suggesting that there was a time gap of at least an hour between the strikes seen in the two videos.

According to the New York Times, the strikes were first reported on social media just after 11:30 am.

Solar data, derived by the direction of shadows visible in video one and simulated via the SunCalc platform, appears to indicate it was filmed between 10:30 and 11:30am.

Analysing the shadows seen in the earlier March video using the same method, appears to show that it was filmed between 13:30 and 14:30. 

This would seem to indicate that video two and the earlier March video were likely filmed after video one.

Solar data from a video posted to Telegram showing the smouldering school, and damage to the nearby IRGC building about 100m away, shows that it was recorded around the time of the first video.

This, therefore, appears to confirm that the school was impacted before the wave of attacks seen in video two.

Iranian media previously released images of munition remnants they claim they recovered from the school. 

Bellingcat was not able to verify where the remnants were originally found, but was able to identify them as Tomahawk missile remnants. The New York Times also confirmed this identification by matching the contract number on a remnant to a contract for the Tomahawk missile.

Bellingcat’s Carlos Gonzales, Jake Godin and Trevor Ball contributed research to this article.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Two Waves of Bombing: New Videos Reveal Further Details About Iran School Strike appeared first on bellingcat.

The US appears to have deployed the Gator Scatterable Mine system over Kafari, a village near Shiraz, in southern Iran overnight. Several people were killed according to Iranian media. 

Three experts told Bellingcat the munitions appeared to be air-delivered US-made Gator anti-tank mines. 

The US is the only participant in the Iran war known to possess Gator Scatterable Mines. 

Bellingcat asked the US Department of Defense whether it had dropped the mines overnight, but did not receive a response at time of publication.

Dr NR Jenzen-Jones, Director of Armament Research Services, told Bellingcat that the images appeared to show US-made anti-tank landmines. 

“These images show what appear to be American BLU-91/B scatterable anti-tank landmines. 

“The BLU-91/B is dispensed from the CBU-78/B or CBU-89/B air-delivered cargo bombs (cluster munitions). 

“The presence of square ‘aeroballistic adaptors’ indicates that the mines seen here were delivered by air. Similar mines can be dispensed from the vehicle- or helicopter-based Volcano system.”

Amael Kotlarski, Weapons Team leader at Janes, also identified the mines as BLU-91/B ‘Gator’ anti-tank mines. Kotlarski told Bellingcat “the BLU-91/B is dispensed from either the US Air Force’s CBU-89/B (72 BLU-91/B and 22 BLU-92/B) or the US Navy’s CBU-78/B (45 BLU-91/B and 15 BLU-92/B).”

He elaborated that the BLU/92B is an anti-personnel mine, similar in appearance to a BLU/91B, though not identical.

“No BLU-92/B is observable in the photographic evidence presented so far. This could be that they have not been found, or that the dispensers were loaded solely with AT mines to help reduce the risk to civilians.”

Gator Scatterable Mines System

The Gator system is an air-delivered dispenser system or cargo bomb that distributes mines over an area. These dispensers contain a mixture of either 94 or 60 BLU-92/B anti-personnel and BLU-91/B anti-vehicle mines depending on which dispenser is used. These dispensers release the mines over an area of approximately 200 by 650 metres.  In the images reviewed by Bellingcat, it is not clear which dispenser was used, or how many dispensers were deployed.

Andro Mathewson, an independent open source analyst, who formerly worked at landmine-clearing NGO The HALO Trust, told Bellingcat the images showed BLU-91/B mines.

Some of the images of the mines posted by Iranian media show an aeroballistic adaptor. The aeroballistic adaptor is only present on the BLU-91/B and BLU-92/B, not on other mines within the US Family of Scatterable Mines (FASCAM), indicating that these were deployed from a Gator system aircraft dispenser.

BLU-91/B and BLU-92/B Mines and Self-Destruct Features

Both BLU-91/B and BLU-92/B mines are activated two minutes after being deployed; however, a very small number can fail to properly arm and explode. These mines also have self-destruct features with a variable delay which means they may randomly explode hours or days after they are dispensed. They may also explode if disturbed. These features make them particularly dangerous.

The self-destruct can be set for 4 hours, 48 hours, or 15 days, but the mines may self-destruct before then.

So far, only visual evidence of magnetically influenced BLU-91/B anti-tank mines has been posted online, but these mines are usually deployed alongside the anti-personnel BLU-92/B. The BLU-92/B also deploys tripwires.

In addition to the self-destruct features, the BLU-92/B anti-personnel mines have an anti-handling device (AHD) that is intended to make the mine explode when disturbed. While BLU-91/B anti-tank mines do not have an anti-handling device (AHD), they “may detonate when moved, because the mine may sense a significant change from its original orientation.”

Amael Kotlarski of Janes told Bellingcat that “The mine will go off if subjected to significant movement.” This could explain local reports that a man was killed when he picked one up near his car. 

Uniquely US Weapons

The US is the only participant in the war known to possess these mines. They were developed after the US stopped supplying arms to Iran. A review of Stockholm International Peace Research Institute’s (SIPRI) Arms Transfer Database, and US Major Arms Sales does not show any transfers of these mines to Israel.

Dr Jenzen-Jones also told Bellingcat that “Scatterable anti-tank landmines may have been employed to deny vehicles access to or from so-called ‘missile cities’. This could both prevent TELs [missile launch vehicles] from leaving, and limit efforts to re-establish access to facilities (for example, by preventing excavators from operating at collapsed entrances).”

Bellingcat geolocated some of the mines to the village of Kafari, Iran (coordinates 29.50544059, 52.48745447 and 29.50964897, 52.48920842). This video shows at least three mines approximately two kilometres away from the entrance to what is reported to be Shiraz South Missile Base, an Iranian “missile city.” 

Bellingcat asked the US Department of Defense to confirm whether they dropped mines in this area, how many were deployed, and what the intended target was. They did not respond at time of publication.

Bellingcat was unable to determine how many more mines were scattered over the village. Some mines may not yet have been found due to where they landed. 

Bellingcat’s Carlos Gonzales and Logan Williams as well as Felix Matteo Lommerse contributed research to this article.

The post Evidence Points to US Scattering Mines over Iranian Village appeared first on bellingcat.

Munition remnants pictured at the site of a strike that killed at least 17 people in the town of Tiné, Chad, last week appear to match a weapon previously used by Sudan’s Rapid Support Forces (RSF) in the war with Sudanese government forces – despite RSF denials of involvement in the incident.

Photographs showed what appeared to be a match for the rear control section of a Chinese-made GB25A or GB50A bomb, which can be dropped by Chinese-made drones. Amnesty International previously identified a GB50A used by the RSF that it said had “almost certainly” been re-exported to the group by the UAE. 

The first photographs of the remnants were posted by Chad’s by ATPE CHAD publication, which reported a public prosecutor had visited the site of impact.

A separate set of photographs showing even clearer visuals of the remnants was subsequently shared by the N’Djamena-based broadcaster MRTV. It’s Facebook page showed Chadian soldiers standing beside the remnants.

Images were also posted by posted on Facebook by the Department of Public Safety and Immigration in Chad.

By using the time displayed on a watch worn by an official in one of the pictures it was possible to estimate that the images were likely taken in the late afternoon. By comparing this with solar data, the shadows visible in the photos and other visual details, it was then possible to infer the approximate layout of nearby buildings and the distribution of trees where the remnants were found.

With this information, and using satellite imagery, we then geolocated the photos to the northwest of the Bir Tine neighbourhood, just 650 metres from the border with the Western Darfur region of Sudan that is largely controlled by the RSF.

Remnants from the control sections of other GB25A or GB50A bombs have previously been found after RSF attacks in Sudan, including attacks on Kassala Airport and Coral Marina Hotel in Port Sudan (as seen in the images below).

BBC News reported that the RSF is suspected of carrying out the attack.

However, the RSF has denied any involvement and blamed Sudan’s army, the Sudanese Armed Forces (SAF). The SAF has in turn said the RSF was responsible. Chad’s president on Thursday ordered the military to retaliate against future attacks from Sudan. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

RSF spokesperson Al-Fateh Qurashi told Bellingcat via WhatsApp: “Our forces are not responsible for any targeting of neighboring Chad, and we have no connection to this targeting.” Qurashi instead blamed forces aligned with the Sudanese government over the strike. 

Imran Abdullah, an adviser to the RSF commander, told Bellingcat via WhatsApp that satellite imagery tracked the drone and that it belonged to the forces aligned with the Sudanese government. However, Abdullah refused to share the imagery he referred to saying: “It can be published if an independent international commission of inquiry is in place.”

The SAF are not known to use any Chinese-made drones or bombs, like the GB25A or GB50A. The SAF has been observed using Turkish and Iranian made drones and munitions such as the MAM-L bomb. 

Bellingcat sought comment on the use of these weapons from the Chinese manufacturer, Norinco, as well as the UAE given Amnesty’s previous reports about how a GB50A was used by the RSF after “almost certainly” being re-exported to Sudan. Neither responded prior to publication.

The conflict has previously spilled over the border into Chad. Reuters reported last month the country closed its border with Sudan after five Chadian soldiers were killed following clashes in Tiné between the RSF and militia fighters loyal to the Sudanese government.

Ziyu Wan and Riccardo Giannardi contributed from Bellingcat’s volunteer community.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Munition Remnants Pictured at Site of Deadly Chad Strike Match Weapon Previously Used by Sudan’s RSF appeared first on bellingcat.

A Bellingcat investigation has identified nine Facebook groups with a combined membership of more than 70,000 people, in which coded language has helped illegal wildlife dealers evade bans on the platform for years. Facebook says it prohibits any form of animal trading on its platform.

Investigating the operators behind all nine groups, Bellingcat identified six Facebook profiles that led back to a single broker in Jakarta, Indonesia. This investigation was carried out in partnership with Mongabay. You can read their report in English here and in Bahasa Indonesia here.

In an open Facebook group, brazenly titled “West Bogor Animal Selling and Trading Forum,” one member posts an advert for a vulnerable rhinoceros hornbill.

Commenting on the advert, another member warns: “Just be careful not to get caught.” 

“That’s the risk,” replies the seller. 

Under Indonesian law, the capture, trade, or possession of a rhinoceros hornbill is punishable by up to five years’ imprisonment or a fine of up to Rp100 million (US$6,000). (According to Statistics Indonesia, the average monthly wage in August 2025 was just over Rp3 million or US$180.)

Meta also states that the buying and selling of animals on its platforms is prohibited. However, in this group, along with eight others identified by Bellingcat, animals have been traded in plain sight for years, including wild and protected species. Three of the nine groups have been live on Facebook for at least five years. Four have been active for 12 months or more, and the remaining two were created in 2025.

All nine groups state in their “About” tab that they are based in or around Jakarta, the Indonesian capital. As one of the most biodiverse countries in the world, Indonesia is a hotspot for poachers and a key transit hub in the illegal wildlife trade.

A quick scan of these groups revealed a variety of protected species for sale, including Javan coucals, Javan scops owls, Javan langurs, binturongs, and both wreathed and rhinoceros hornbills.

In one of the most active groups, West Bogor Animal Selling and Trading Forum, more than 200 adverts were posted in a single week. Of these, 18 advertised vulnerable species, including these two infant silvery gibbons. 

With fewer than 2,500 mature individuals left in the wild, the silvery gibbon is considered endangered. Under Indonesian law, trading in this species can result in up to five years’ imprisonment or a fine of up to Rp 100 million (US$6,000).

Otters were also frequently posted in the group. Popular in the Southeast Asian pet trade, most otter species are protected due to declining numbers in the wild. However, because many of the adverts were for infants, it was not always possible to determine which otter species was being sold, and therefore whether it was protected.

“Using Codes So The Group Stays Safe”

Despite Facebook’s total ban on animal trading, including pets, in the group titled: Civet/Pet Buying and Selling in the Greater Jakarta Area, members were instructed in the “About” tab to “prioritise using codes so the group stays safe from being banned.”

Alphanumeric codes were used to discuss animal prices in eight of the nine groups identified by Bellingcat. According to the Indonesian news outlet Jateng Today, the use of pricing codes, intended to circumvent Facebook’s automated moderation systems, is not uncommon among animal traders on the platform.

Such codes use the letters A, B, and C to denote different Indonesian rupiah denominations. A stands for a Rp100,000 note (about US$6), while B represents a Rp50,000 note (about US$3). An accompanying number specifies the quantity, so A3 indicates three Rp100,000 notes.

In the post below, one member asks, “A2 dapet apa?” – “What does A2 (Rp 200,000; US$12) get you?”

The post received 69 replies, with members offering everything from otters to owls, civets and geckos.

The term “Wc” – a common shorthand in animal trading groups for “wild-caught” – was also frequently used across all nine groups. Under Indonesian law, even if a species is not listed as vulnerable or protected, capturing and selling wild animals without a permit is illegal.

Related articles by Bellingcat

Asia-Pacific

The Hunt for Malaysia’s Elusive Wildlife Trafficker

Asked whether its moderation systems could detect cost codes (as text or embedded in images) or key terms such as WC (when found next to images of animals), Meta responded: 

“Bad actors constantly evolve their tactics to avoid enforcement, which is why we partner with groups like the World Wildlife Fund and invest in tools and technology to detect and remove violating content.”

The Operators

While investigating the operators behind all nine groups, Bellingcat identified six Facebook profiles that led back to one individual broker based in Jakarta. 

By navigating to the “People” tab in one of the groups, a list of admins and moderators appears, including an account referenced below as AB. Despite AB’s profile being locked, a search with the term “wa.” (WhatsApp’s click-to-chat feature) returned dozens of animal adverts alongside a phone number.

Using the phone number to search for AB’s historic posts, six out of the nine groups under investigation were found to have adverts for vulnerable species, including this advert for a binturong. 

Listed as vulnerable by the International Union for Conservation of Nature (IUCN), keeping a binturong, let alone trading it commercially, is prohibited under Indonesian law.

AB has also advertised this “Celepuk Wc”, a wild-caught scops owl, seen below. Although the species itself is not protected, selling a wild-caught owl in Indonesia without a permit (which are tightly regulated) violates Indonesian law.

By following the phone number shared by AB, five more Facebook profiles were uncovered. The six profiles frequently shared similar adverts, often within days of each other, for the same species, sometimes featuring a similar interior background, and always listing the same telephone number.

Late last year, one of the accounts referenced below as W, posted this wreathed hornbill, a protected species in Indonesia. 

Of the six profiles, only one, named Azie Soka Smithh has ever posted personal data, including a profile picture of a man with a child. 

Further investigation into Azie Soka Smithh confirmed their presence on other platforms, including Telegram and Instagram. However, their full legal name remained unknown. While searching for visual clues to their location, it became apparent that the vast majority of images had been tightly cropped, revealing little about their whereabouts – except for a handful of images that appeared to have been taken at the same location: a pet shop.

In the adverts shown below, a poster can be seen on the wall behind the cage displaying the shop name Station Sato Exotic and a phone number. Of all the images seemingly taken in the same shop, none featured species protected under Indonesian law. However, the long-tailed macaque shown below is considered endangered according to IUCN due to declining numbers in the wild. 

A Google search for the shop’s name and number returned a Google Maps listing for Station Sato Exotic. A man named “beni” had left a five-star rating as well as several dozen photos and videos of the pet shop’s interior, including one that appeared to show a man sitting next to an identical poster as seen in the animal adverts. 

According to beni’s Google account, his full name is Beni Abdul Hamid (translated from Arabic). His bio reads: “We sell various kinds of accessories, cages, animal feed, etc” (translated from Bahasa Indonesia).

Of the 16 photos and 25 videos posted by Beni, several showed a left hand holding animals up to the camera, with a distinctive mole visible on the wrist. A seemingly identical mole appeared in several of the adverts posted by the six Facebook accounts sharing the same phone number. Notably, the mole and wrist were not seen holding species protected under Indonesian law. However, the long-tailed macaque shown below is considered endangered according to IUCN.

Upon visiting Station Sato Exotic, our partners at Mongabay confirmed that Google reviewer Beni Abdul Hamid was in fact the owner. His son, Jordan Bastian, who was present on the day, told their reporter he now manages the shop on his father’s behalf.

Bastian confirmed that it was his wrist and mole in the adverts and that he had taken all of the photos inside the shop. However, he said he was not behind any of the six Facebook accounts and that they were most likely run by a local broker. He explained that his business relies on a network of brokers operating on Facebook and WhatsApp. He sends them photos of the animals he has for sale, and they handle sourcing and organising everything with the buyer in exchange for a cut of the profits.

“I’m a broker. I’m involved in marketing the animals, so I provide the photos,” said Bastian. “I don’t want to know about the buyer.”

When shown the Facebook account for Azie Soka Smithh, Bastian confirmed that the man in the profile picture was a local broker, but one who seldom visited the shop.

Station Sato Exotic Pet Shop also has an online presence on Tokopedia, a major Indonesian marketplace. The platform’s guidelines prohibit the sale of endangered species, but are not clear regarding the sale of other animals, including pets.

Of Station Sato Exotic’s 71 current listings, the large majority have been miscategorised. Animals are listed as tools, toys, aquarium decorations and books. They are also miscategorised as other species; for example, birds and squirrels have been listed as hamsters or reptiles.

One advert features a vulnerable cuckoo species, the Sunda Coucal. Endemic to Java and numbering fewer than 10,000, this bird has been listed as vulnerable since 1994.

Asked whether he had sold many animals via Tokopedia, Bastian said his account had been blocked after he was banned for selling squirrels. When shown the advert above for the Sunda Coucal, he said he was surprised to learn it was classified as vulnerable. Tokopedia did not respond to requests for comment regarding an advert for a vulnerable species appearing on their platform. 

On the sale of protected or vulnerable species more broadly, Bastian admitted he had in the past, but has since stopped, describing “the risk is big” and saying he prefers to “play it safe.” 

After contacting the local authorities for comment, three officers from the West Java Natural Resources Conservation Agency (BBKSDA) made a surprise visit to Station Sato Exotic, due to the shop having previously been reported for selling protected species. Head of Conservation Stephanus Hanny said that upon arrival, “We went inside and checked every animal… We did not find any protected species.” He added that even the sale of non-protected wildlife requires a permit, which the shop does not currently hold. However, since it’s not a criminal offence, Hanny said they could only issue the owners with a warning. 

Bellingcat also contacted the phone number associated with Azie Soka Smithh. The person replied, confirming they managed all six accounts but denied selling any animals, including protected and vulnerable species. “I’m just a hobbyist. An animal lover,” they said. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Given that the account had been found advertising vulnerable and protected species for sale, the Indonesian Director General of Forestry Law Enforcement, Dwi Januanto Nugroho, said authorities would investigate. Asked how their team of investigators was adapting to the illegal wildlife trade growing online, Nugroho replied:

“Criminal behaviour continues to reproduce itself in order to survive. In fact, it can evolve faster than the law enforcement system itself. In response …cyber patrols and desk analysis via the operations room will continue to be intensified, while we further optimise support from volunteer networks, working partners, and public participation.”

After contacting Meta, all six accounts, including Azie Soka Smithh, and all nine groups, totalling 70,000 members, were shut down. Meta confirmed: “We removed the Facebook groups and profiles in question for violating our Restricted Goods and Services Policy.”

Merel Zoet and Claire Press contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work depends on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here and Mastodon here.

The post How Wildlife Traffickers Are Using Coded Language to Sell Protected Animals On Facebook appeared first on bellingcat.

This investigation is part of a collaboration between Bellingcat, Evident Media and CalMatters. You can watch Evident’s investigative video here, and read CalMatters’ report here.

In early January 2025, a gardener named Ernesto Campos was pulled over by Border Patrol agents in the city of Bakersfield, California. 

The agents were a long way from home: Bakersfield is over 240 miles (386km) from the US border with Mexico.

They were there as part of Operation Return to Sender, a Border Patrol surge in the city that acted as a portent of what was to come across the US in 2025.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

Video footage shows one agent threatening to break Campos’ car window as they believed he was transporting an undocumented individual. 

Campos filmed the agents, who he said slashed his tyres before arresting him and a passenger. The agents’ faces later appeared on local news reports detailing the incident.

Ten months later, two of the agents visible in footage recorded by Campos were filmed in Chicago as Border Patrol agents descended on the city for what was dubbed “Operation Midway Blitz”.

One was seen grabbing a man by the throat before slamming him to the ground with help from other agents.

The other was seen punching a man in the face before pulling his gun on protesters in a Chicago suburb.

These confrontations were not isolated incidents.

A federal judge in Illinois said in November that the use of force by federal agents in Chicago – including the use of tear gas and other less lethal munitions on multiple occasions –  “shocks the conscience”.    

A restraining order issued by that Illinois judge was vacated on appeal earlier this month. But what took place on the streets of Chicago also happened in other locations, with some of the same agents involved.

Bellingcat has worked with our partners at Evident Media and CalMatters to analyse over 85 hours of social media and bodycam footage, as well as court documents and incident reports, to try to unpack the actions of Border Patrol agents across the country. 

With agents often masked and badge or identification numbers not always visible, understanding exactly who has enforced the immigration surges of the past year has been difficult. This, in turn, has made public questioning and accountability around use-of-force incidents challenging. 

Nonetheless, we observed over 25 agents who appeared in more than one city, either by recognising their faces or matching badge numbers that were visible on their vests or arm patches. Many were seen alongside former Border Patrol Commander at Large, Gregory Bovino, on at least one occasion. 

But this is likely just a fraction of the agents who moved around the country to take part in Border Patrol surges in cities like Los Angeles, Chicago and Minneapolis. When speaking to reporters in January, Border Czar Tom Homan said he had spoken to some agents who had “been in theatre for eight months”. Many wore masks in the videos viewed by Bellingcat, and it was not always possible to identify number patches from social media or bodycam footage alone.

Although some of the agents we logged appeared on neighbourhood walkabouts or in footage where little happened, others could be seen using force on multiple occasions. For this story, we have focused on the actions of five agents whom we have been able to identify and who appear to have repeatedly used force in at least two, but often more, locations. We have decided to name those we have been able to identify just as we would name any officer involved in incidents like those detailed. But these were by no means the only agents whom we saw using force across one or multiple cities.

The footage we analysed also appears to show a steady escalation of violence and confrontational incidents as 2025 progressed, culminating in widespread use-of-force incidents in Chicago and Minneapolis, where two people, Renee Good and Alex Pretti, were killed by Immigration and Customs Enforcement (ICE) and Border Patrol agents, respectively, in early 2026.

Agents on the Move

While former Border Patrol Commander at Large Gregory Bovino is no longer in a national role, some of the agents observed and documented for this report appear to have travelled from his El Centro sector over the past year.

These included agent Timothy Donahue and Georgy Simeon, who were filmed by Ernesto Campos in Bakersfield. Donahue was the agent who was subsequently pictured pointing his gun at citizens just outside Chicago after a traffic incident (Donahue stated in his incident report that his car was rammed by an activist – something also described in Illinois federal judge Sara Ellis’ opinion – although Donahue’s report made no mention of punching a man in the face or unholstering his weapon). It was Simeon, meanwhile, who was filmed slamming a man to the ground after grabbing him by the throat.

Donahue was also spotted in social media footage in Los Angeles in June last year pushing a citizen who was blocking his vehicle, as well as grabbing a man on an immigration raid inside a car wash.

The Chicago publication, Unraveled Press, previously reported that Donahue was the owner of a social media account that made seemingly racist and sexist posts. Bellingcat and others have checked this account and found that an old profile picture showed an image of Donahue. Bodycam footage from outside a detention centre near Chicago also showed Donahue tackle a journalist from Unraveled without apparent warning.

Footage from Donahue’s own bodycam on Oct. 3 also appears to show him compiling an incident report with ChatGPT. The possibility of CBP agents using ChatGPT to compile incident reports was addressed by Judge Ellis in her ruling issuing a restraining order in November. She wrote that using ChatGPT to write reports “undermines their credibility and may explain the inaccuracy of some reports filed by CBP officers”.

The evidence doesn’t enable us to determine if Donahue used ChatGPT to compile the Oct. 31 incident report in which he did not mention he punched a man and unholstered his gun. 

Our reporting partners CalMatters emailed and called Donahue prior to publication. The email received no response. Donahue answered his cellphone but said, “never, ever call my cellphone again,” and hung up.

Simeon did not respond to emailed questions prior to publication, and calls to a number listed under his name went unanswered. 

The Department of Homeland Security (DHS) did not respond to questions posed about the actions of Donahue and Simeon detailed in this report or the agency’s use-of-force policies. They also did not respond to questions about whether it was permissible for agents to use generative AI platforms like ChatGPT to compile incident reports.

While the actions of Donahue and Simeon made news reports in various cities, the pair were far from alone in having their actions filmed and documented across the country. 

Kristopher Hewson, a supervisory agent based out of Bovino’s El Centro sector, was seen on bodycam footage in Chicago spraying an individual who was being held down by agents with what he detailed in his incident report as oleoresin capsicum (OC), also known as pepper spray, from what appears to be just a few inches away. The individual was on the ground and had one hand behind his back, but agents could be heard asking for his other hand during the incident. Hewson said in his incident report (see here and here) that the individual had been resisting arrest, but he also stated that he deployed the pepper spray from two feet away. Bodycam footage (see below) showed the canister beside the individual’s head right after a burst of spray can be heard.

Bodycam footage shows an individual being held down before pepper spray is released while he remains on the ground. Annotations after 15 seconds made by Bellingcat.

Hewson, who wore a mask but was identifiable in several videos by the C-29 ID number on his uniform, was later spotted in Minneapolis. He also said his name during one incident that allowed us to find other bodycam footage releases that belonged to him. In one video, his mask slipped, which allowed us to compare his face to images on his social media accounts.

Court testimony revealed that he was present in Los Angeles during a Border Patrol surge in the city in the summer of 2025. He was also seen alongside Bovino on numerous occasions, including in Chicago, where Bovino can be heard greeting him by saying, “Hey, Hewson”, in one video captured by the filmmaker Jeff Perlman.

In bodycam footage from Chicago a man can be heard saying that the person Hewson pepper-sprayed was his son, who was just 15 years old. This appears to be backed up by an incident report showing the individual’s date of birth. A short time later, Hewson can be heard shouting “get back or you will be gassed” at a group of protesters immediately before deploying tear gas towards them. As he throws the canister, a person can be heard shouting, “You’re not de-escalating shit, bro”. Hewson stated in his incident report (see here and here) that he gave a warning that CS gas was coming, but he did not detail how that warning was virtually instantaneous. 

Related articles by Bellingcat

Investigations

‘Pattern of Extreme Brutality’: Tear Gas, Pepper Balls Among Weapons Deployed Against Protesters in Illinois

All of these actions came two weeks after a judge issued a temporary restraining order on Oct. 9, preventing agents from using chemical agents on protesters and journalists unless there was an imminent threat of physical danger to federal forces. While that order was lifted in March 2026, it was still in force during the incidents detailed in this story.

Hewson was seen in Minneapolis in early 2026 alongside Bovino. He was captured on footage marching towards and tackling a Target employee, a teenage US citizen, who was directing insults at agents. A melee ensued at the front door of the Target store before two people were handcuffed and taken away by agents. Hewson’s C-29 number was visible as he led one of the men away. Both of those arrested were later released.

Hewson was questioned as part of a preliminary injunction hearing in Chicago, where, among other things, he stated (pages 183 and 184) that protesters have the right to shout and even swear at officers as long as they aren’t impeding their ability to carry out their work. He also said during questioning that tear gas “doesn’t harm people” (page 189). Multiple individuals who were impacted by the release of gas and chemical irritants in Chicago stated otherwise in incidents detailed in Judge Ellis’ ruling. 

When reached on the phone by CalMatters, Hewson said he could not comment. DHS did not respond to questions posed about the actions of Hewson detailed in this report or the agency’s use-of-force policies.  

El Paso Agents

Hewson was present and visible in footage when ex-Border Patrol Commander at Large Bovino appeared to push and manhandle a protester who crossed his path on Nicollet Avenue in Minneapolis. 

Also beside Bovino and Hewson that day were two officers based out of El Paso bearing the ID numbers EZ-2 and EZ-17. Both of these agents are seen wearing vests of the Border Patrol Tactical Division (BORTAC), a specialised unit that, according to the CBP, has a selection process “designed to mirror aspects of the US Special Operations Forces’ selection courses”. 

Bellingcat and Evident Media previously reported how EZ-17 fired less lethal munitions at protesters from close range a day after Renee Good was shot and killed by an Immigration and Customs Enforcement (ICE) officer in Minneapolis.

EZ-17 was accompanied during that incident by EZ-2, who could be seen spraying a chemical irritant in the face of a man who appeared to have thrown a snowball at him. EZ-2 was also seen throwing two female protesters to the ground outside Roosevelt High School in Minneapolis on Jan. 7. 

Both EZ-17 and EZ-2 were present in Chicago. EZ-17 was seen passing a tear gas canister to Bovino at an incident in the city’s Little Village neighbourhood on Oct. 23. 

The Chicago publication, Unraveled, previously identified EZ-17 as Edgar Vazquez and EZ-2 as Michael Sveum. Bellingcat was able to corroborate these identifications using similar techniques. Firstly, for Vazquez we compared images on his Facebook page with footage from EZ-2’s bodycam, which showed Vazquez inside a vehicle without a mask.

EZ-2 was identified in a similar manner. Bodycam footage from EZ-2 showed him looking at his phone. On the lockscreen was a picture of a man smiling and wearing a blue jacket. That same picture was posted on Sveum’s social media accounts and appeared to have been taken at an ultramarathon event whose organisers posted Sveum’s name alongside that same image.

When reached by phone by CalMatters reporters, Vazquez said that he could not comment. Sveum hung up immediately after CalMatters’ reporter introduced himself. DHS did not respond to questions posed about the actions of Vazquez or Sveum detailed in this report or the agency’s use-of-force policies.   

Dozens of other incidents where agents appeared to escalate rather than de-escalate situations, as well as use force or less lethal munitions, were logged as part of this investigation. This included agents pointing guns at protesters (see here and here) as well as using violent force and less lethal munitions on protesters, journalists and bystanders.

Bovino himself appeared to instigate confrontations with people, such as in Chicago, when he can be seen throwing a man to the ground before agents pounce on him, although he stated during his Illinois deposition that he did not think such actions represented a use-of-force incident. 

The former Border Patrol Commander at Large told CalMatters that he could not speak to the media without DHS approval prior to publication of this story. Requests sent to DHS to speak with Bovino went unanswered.

‘Unusual and Beyond the Pale’

According to John Roth, a former DHS Inspector General, and Steve Burnell, a former DHS General Counsel, the events of the past year, involving masked agents descending on select cities, have eroded trust and credibility in DHS and law enforcement.

While both agreed that there had to be professional immigration enforcement operations, they said that has to be done in a way that is responsible and ensures accountability when lines are crossed. 

“This is sort of a scary Orwellian thing”, Roth said. “I don’t think the public understands how unusual and beyond the pale it is to have these roving sort of groups of masked agents, out there handling the public.”

Burnell said that the inability to identify agents carrying out their work as enforcement officers was a particular concern: “At the end of the day, ICE and everybody at DHS are public servants. They’re supposed to be working for the public. And, you know, if somebody is working for you, you should have a right to know who they are, and you should have a right to hold them accountable and protest what they’re doing.”

Roth and Burnell both served under President Barack Obama and during President Donald Trump’s first term. The pair have testified to Congress in recent months, raising the alarm about what they see as a dismantling of accountability at DHS. Prominent members of the US government, including President Trump, have offered repeated support to Border Patrol agents, even after the death of protesters such as Renee Good.

Our partners at Evident and CalMatters showed Roth and Burnell some of the footage described in this report. While they refrained from commenting on individual incidents, Roth described the footage generally as “difficult to watch”.

“The question I’d ask. Have [agents] inserted themselves into something that requires them to use force,” said Roth. “In which case that would be a violation of DHS policy,” he added, referring to use-of-force policies that detail how law enforcement officers may use force when no “reasonably, safe and feasible alternative appears to exist”.

“It’s actually DHS policy that you [are required] to attempt to de-escalate when that’s possible. I mean, they don’t have a duty to retreat, but they do have a duty not to insert themselves into a place where use of force is necessary,” Roth said.

Burnell described a lot of what has happened over the past year as a type of “dominance display”.

“It’s there to send a message. And that is not de-escalatory. It’s the opposite,” he said.

Bellingcat, CalMatters and Evident Media jointly sought to contact DHS as well as all of the agents mentioned in this story prior to publication. 

We asked DHS whether any of the incidents detailed in this report violated DHS use-of-force policies or whether those policies had been updated under the current administration. 

We also asked if DHS was taking any action or providing further training to agents to ensure the public’s constitutional rights are respected during immigration enforcement operations carried out by Border Patrol.

DHS did not respond before publication.

Youri van der Weide, Kolina Koltai and Eoghan Macguire from Bellingcat, as well as Sergio Olmos from CalMatters and Kevin Clancy from Evident Media, contributed reporting to this piece.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Agents of Chaos: Unpacking the Actions of Border Patrol Agents Across the US appeared first on bellingcat.

This article is the result of a collaboration with The Sunday Times. You can find their corresponding piece here.

Bellingcat and The Sunday Times last week published photographs showing ex-UFC fighter Mounir “The Sniper” Lazzez with wanted cartel leaders Christy and Daniel Kinahan. 

The images, captured during the 971 Fighting Championship in Dubai last June, mark the most recent sighting of the Irish narco-traffickers since the US government put multi-million dollar bounties on their heads in 2022.

At different points during the six-hour fight night, Lazzez, who ran the event at the Coca-Cola Arena, is seen talking to both crime bosses, who were seated cageside at opposite ends of the front row, on white sofas designated for VIPs.

Lazzez is captured with Daniel Kinahan in a since-deleted high-resolution image uploaded to a professional photographer’s website, and in a picture posted to Instagram by a spectator. 

He is also visible in the official live-stream. About two hours in, Lazzez taps Christy Kinahan, the founder of the eponymous drug cartel, on the arm. Three hours later, he crouches in front of the 68-year-old while looking at this phone, before sitting on the arm of Kinahan’s chair.

Today, we reveal that Lazzez — an outspoken supporter of Daniel Kinahan — has business interests extending far beyond the world of combat sports.

Documents uncovered by Bellingcat link the 38-year-old to multimillion dollar shipping deals, orchestrated by companies in a secrecy jurisdiction, for crude oil tankers that were later sanctioned by the US government for helping the Iranian regime.

The firms that bought these ships were headquartered at an address used for registering offshore companies — including a separate firm that owned a Kinahan cartel-linked bulk carrier loaded with more than two tonnes of cocaine.

Who is Mounir Lazzez?

Lazzez has been held up as an icon in the world of combat sports as the first Arab born-and-raised fighter to be signed to the UFC.

Originally from the port city of Sfax in Tunisia, he said he had a “tough life” and had to “fight to get everything”. In one interview, Lazzez explained how he started MMA classes as a teenager. A “skinny kid” who was being bullied, his parents thought the sport would boost his confidence.

Eventually, Lazzez said, he went on to compete nationally and then, in his early 20s, moved to Canada to hone his skills. It was a “business opportunity” that drew him to Dubai, where he also started his professional MMA career.

The 6’1″ welterweight was signed to the UFC in 2020 after being recommended to long-time president Dana White by a friend of White’s teenage son. Earning the nickname “The Sniper” for his precision strikes, he fought four times between 2020 and 2023.

For the latter part of his MMA career, Lazzez was represented by MTK Global, the now-defunct sports management company co-founded by Daniel Kinahan, who authorities have said is responsible for managing the cartel’s drug trafficking operation.

Lazzez has spoken publicly about his relationship with Daniel Kinahan, describing him as a “good friend, brother and advisor”. In 2021, he wrote on social media: “I’ve never met a man like him”.

He made headlines in 2022 when he thanked Kinahan from inside of the cage after a win in Las Vegas. “Without him, I would never be the man who I am today,” Lazzez told the crowd.

When questioned about his comments later, Lazzez said the cartel boss – who had been sanctioned just days before — was “a friend and adviser.”

Now retired from combat sports, Lazzez had, until recently, lived in Dubai and was listed as the part-owner of a gym, the 971 MMA & Fitness Academy, in the industrial district of Al Quoz.

He launched the 971 Fighting Championship in 2024, promising to “change the face” of combat sports. Last year’s outing at the Coca-Cola Arena was its second event.

But our investigation has uncovered records tying Lazzez to other ventures before he started the 971 Fighting Championship.

In 2023, he was listed as the director of two companies that paid more than $80 million for two oil tankers. Both ships were sanctioned the following year for their roles in assisting the Iranian regime.

The Sunday Times has previously reported on the Kinahan cartel’s involvement in arms smuggling and money laundering, and its alliances with other crime fraternities. Among the gang’s alleged clients are Iran’s intelligence services and the Lebanon-based Islamic militant group Hezbollah. 

The new findings uncovered in this investigation raise serious questions about Lazzez’s relationship with the most senior members of the US-sanctioned Kinahan Organised Crime Group.

Bellingcat contacted Mounir Lazzez by phone, email and social media but did not receive a response.

A staff member who answered the phone at Dubai’s 971 MMA & Fitness Academy said Lazzez has had no involvement in the business since October 2025. Asked how Lazzez could be contacted, the man said: “That’s the problem, we don’t have anything from him since he left. He doesn’t work here with us anymore.” 

A series of messages and calls to the gym’s management and two other owners were not answered.

Further enquiries last week found that Lazzez had moved to Italy, where his wife is from, late last year. In October, Marco Fioravanti, the mayor of Ascoli Piceno, a town in central Italy, posted a photo of him meeting with the ex-UFC fighter.

A local news report published in December said the “combat sports icon” was now offering personal training sessions from two gyms in the region. “Today, my motivation is teaching,” Lazzez was quoted as saying. “I’ve lived the athlete’s life at the highest level, and now I want to pass on my experience to others.”

New Instagram and Facebook profiles set up under the name “ML MMA & Fitness” and advertising personal training with Lazzez included an email address in his name and an Italian mobile number.

The social media accounts were deleted or made private last week immediately after Bellingcat sent messages. Phone calls and emails to Lazzez were not returned.

Lazzez, who founded the 971 Fighting Championship in 2024, said he was focused on expanding the event. After the 14-bout card last June, the 971 FC Instagram page asked fans who they wanted to see perform at the next fight night, and posted: “We’re just getting started”. Lazzez said there was “more in the pipeline”. In an interview at the time, he was also quoted saying: “This is not just a business. We’re not doing this for profit. This is about legacy.”

After more than a decade living in the UAE, it is not known why Lazzez and his young family relocated to Italy in recent months.

MMA to Multi-Million Maritime Deals

Bellingcat ran Mounir Lazzez’s name through open source corporate databases to determine if he was involved in any business activities other than his Dubai gym, the 971 Fighting Championship, and his new venture in Italy.

Two results were returned via Horizons, a platform that aggregates public records and which was created by Washington DC-based nonprofit C4ADS. The files, sourced from the Panama Flag Registry, include title documents showing the owners of ships registered under the Panama flag up until August 2024.

$41.75M

$42.75M

Mounir Lazzez

Director

Company 1

Marshall Islands

SANCTIONED

Oil Tanker

Panama Flagged

SANCTIONED

Company 2

Marshall Islands

Oil Tanker

Panama Flagged

SANCTIONED

The documents reveal that Lazzez was listed as the director of two companies that bought two ships over a three month period in 2023.

He was listed as the director of Dragon Road Limited, a Marshall Islands-registered company that bought an oil tanker called “Alisha” in July 2023.

The oil tanker, which was sold by Dragon Road last year, has gone by four different names since 2013. Source: Image posted to MarineTraffic in 2024 by Ivan Meshkov.

A bill of sale for the Panamanian-flagged ship shows that Dragon Road paid US $41.75 million for the vessel, which was then renamed “Serene I”.

Documents showing Dragon Road’s purchase of Alisha (renamed Serene I). Source: C4ADS Horizons

The following year, in September 2024, Dragon Road was sanctioned, along with Serene I.

The US government said it had loaded products belonging to the Islamic Revolutionary Guard Corps-Qods Force (IRGC-QF) on behalf of a company affiliated with Hezbollah.

The records from Horizons also show that Mounir Lazzez was listed as the director of a second Marshall Islands-based company called Faith Enterprise Limited in 2023.

Faith Enterprise bought a 330m Panamanian-flagged oil tanker called “Luna Lake”.

The vessel has since been sold to unknown owners and renamed Eternity. Source: Image posted to MarineTraffic in 2025 by Christoph Ortmann.

The 2023 bill of sale said Faith Enterprise paid US $42.75 million for the vessel, which was renamed “Phonix”. The paperwork was notarised at the Panamanian consulate in Dubai, where Lazzez lived at the time.

Documents showing Faith Enterprise’s purchase of Luna Lake (renamed Phonix). Source: C4ADS Horizons

The tanker was sanctioned by the US government in December 2024 for allegedly transporting Iranian oil. Faith Enterprise was dissolved by the time the ship was sanctioned and it is unclear who the owner was. A third company, India-based Vision Ship Management LLP, was also sanctioned for managing and operating Phonix. While this company has no known ties to Lazzez, shipping data platform Equasis shows that the same company also managed Serene I.

Tracking data from Global Fishing Watch shows that both Serene I and Phonix departed the Singapore Strait, toward the Persian Gulf, weeks after they were sold to the firms that listed Lazzez as their director. Both tankers then made at least two round trips between the Persian Gulf and China in the following months.

Source: Global Fishing Watch

The Sunday Times reports today that tankers of this size could carry up to 1.1 million barrels of oil which, at market rates, represents a cargo worth US $90 to $100 million. It said entities facilitating such shipments could earn as much as 10 per cent of each trade – US $10 million per voyage.

In each of the shipping documents, Lazzez's signature is declared authentic by a named ambassador or consul general of Panama. Lazzez’s method of identification used in the sale of Serene I, which was detailed in the documents, was an Italian passport.

Bellingcat confirmed Lazzez’s Italian passport number through a Bing search, which returned a document from the Government of Dubai’s official website showing that it was used on a commercial licence for Nine Seven One Rising Mixed Martial Arts Academy LLC — the entity behind Lazzez’s gym, 971 MMA & Fitness Academy.

Lazzez posted on social media in 2022 about becoming an Italian citizen.

Corporate documents list Lazzez as one of three owners of Nine Seven One Rising Mixed Martial Arts Academy LLC. According to the documents, Lazzez has a 25 per cent share in the business. 

The other two owners are both citizens of the Caribbean Island of Dominica. One of these people, according to their public profiles, studied law in Iran and specialises in maritime law. The other is named in the Panama Papers and appears to be involved in the global shipping industry.

Neither of these people responded to questions from Bellingcat.

Dragon Road and Faith Enterprise were both set up in 2023, three months and one month respectively before buying the vessels, according to records accessed via International Registries, Inc.

Dragon Road was annulled in September 2024, the same month the sanctions were imposed. Faith Enterprise was dissolved in September 2024, nine weeks before the ship it bought was sanctioned.

The names of company directors, shareholders and beneficial owners are not publicly accessible in the Republic of the Marshall Islands. While Lazzez was listed as the director of Dragon Road and Faith Enterprise in 2023, according to the documents accessed via Horizons, it is not known if he was still a director in 2024. It is also unknown if these companies had other directors at the time.

What is known from the documents filed with the Panama Flag Registry is that both firms were headquartered at a Marshall Islands address that is commonly used for registering offshore companies, including Matthew Maritime Inc, which owned cocaine freighter the MV Matthew.

The Panamanian-flagged vessel was seized off the Irish coast in September 2023 and found to be carrying more than two tonnes of South American cocaine worth €157 million. It was the largest drugs seizure in Irish history.

The smuggling operation was reportedly part of a conspiracy involving the Kinahans and the Colombian Clan del Golfo. It was also reported that the operation was directed from Dubai, and that authorities suspected the involvement of Hezbollah and the Iranian government.

Connor Plunkett, Peter Barth, Beau Donelly and John Mooney contributed to this article. Scroll-driven interactive by Connor Plunkett and Miguel Ramalho.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Ex-UFC Fighter and Kinahan ‘Friend’ Mounir Lazzez Linked to Iran Sanctions appeared first on bellingcat.

The Netherlands’ largest newspaper, De Telegraaf, recently published an interview with a woman claiming to organise her own evacuation flights from Dubai, selling seats at €1,600 (US$ 1850) each. Four days later, her photo was removed from the article, though the interview remained.

Bellingcat has found that the original image not only includes artefacts commonly associated with generative AI, but that the flights referenced in the article do not appear to exist.

The story came at a time when thousands of Dutch people were reportedly seeking urgent ways to leave the region following Iranian missile and drone strikes across the Gulf in retaliation for US-Israeli strikes.

Published on De Telegraaf’s website on March 5, the headline reads: “Dutch people in the Middle East feel abandoned by the government: We just rented a plane ourselves.”

The Dutch minister of foreign affairs was confronted with this headline during a television interview, in which he described ongoing efforts by the Dutch government to repatriate citizens to the Netherlands.

The article features interviews with several Dutch people struggling to leave Dubai and Abu Dhabi, including Tamara Harema. Under the subheading “Dutch people hire their own plane”, Harema says she was “rebooked five times by Emirates” and that the official repatriation flights organised by the Dutch government were not ‘taking off’.

As part of a group, she says, they are organising buses and have hired an Airbus A321 to fly home. Harema is quoted as saying: “The first plane is already full, so we’re organising a second flight. Stranded travellers can contact us.”

However, several discrepancies in Harema’s photo, published in the original article, suggest it was AI-generated. No trace of a person matching Harema’s face or profile could be found, and flight-tracking data suggests no such plane took off.

The Photo

In the image below, the world’s tallest structure, Burj Khalifa, can be seen through the window overlooking the Dubai skyline. Each side of the tower is unique, with platforms that protrude at different heights and in different directions. It also contains several mechanical floors, which appear as dark bands in the photo.

By cross-checking the height of the visible platforms together with the location of the mechanical floors, it’s possible to determine that Harema’s hotel room faces north-west, towards the Burj Khalifa’s south-east-facing facade.

Several discrepancies are visible when comparing Harema’s photo with other images of the building, including an upper mechanical floor appearing higher than in other images and the absence of the water feature at the base of the building.

To establish whether Harema’s photo could have been taken several years earlier, Google Street View imagery was analysed from 2013 onwards. No match could be found when comparing the arrangement of buildings at the base of the Burj Khalifa.

Several other irregularities, as shown below, including the hotel room furniture and details of Harema’s clothing and jewellery, also suggest it may have been AI-generated.

Fully Booked Airbus A321

Regarding whether the plane existed, Harema says in her interview that buses have already been arranged to collect passengers from two locations in Dubai on Saturday, March 7, after which a 232-seater Airbus A321 will depart from Muscat, Oman, for the Netherlands.

The article notes the cost is €1,600 (US$ 1850) per person, without detours. “Although we read that a Dutch repatriation flight costs €600, just try getting on such a flight,” says Harema.

According to Flightradar24, multiple A321s departed Muscat on March 7 and 8, but none bound for the Netherlands. The only aircraft that did arrive in Amsterdam from Muscat were either government-organised repatriation flights or scheduled Oman Air services, none of which were Airbus A321s.

Two Airbus A321s were recorded on the ground at Muscat Airport on March 7. One, belonging to Gulf Air, later departed for Rome via Riyadh March 8. The other, operated by SalamAir, had been flying routes between Oman and Bangladesh until March 3, but has since remained in Muscat.

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

After contacting De Telegraaf, an explanation for the photo’s removal was added at the bottom of the article, stating that the photo did “likely not meet our journalistic guidelines.”

The newspaper’s deputy editor-in-chief, Joost de Haas, added:

“Regarding the quoted Tamara Harema, the editors contacted her after Mr. Chizki Loonstein—a long-standing source for one of our reporters—informed us about attempts to charter a plane. Mr Loonstein informed us that Ms Harema stayed in Dubai and could tell us more about it. This led to messages from which several quotes from Harema were extracted, as reproduced in the relevant passage of the article.”

A search for Loonstein led to a six-month-old report from another Dutch newspaper, NRC, which claimed that Loonstein, a lawyer, emigrated to Dubai after his legal company went bankrupt, leaving his clients, victims of fraud, worse off.

Contacted for comment, Loonstein confirmed that he knew Harema and had shared her contact details in “an app group” in relation to a flight from Muscat to Amsterdam. After this contact, Bellingcat sent him the photo of Harema to confirm her identity and asked him to share Harema’s contact details. In response, Loonstein refused to provide further comment. 

Merel Zoet and Claire Press contributed to this report.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post AI Used to Promote Non-Existent Evacuation Flights From the Middle East appeared first on bellingcat.

To stay up to date on our latest investigations, join Bellingcat’s WhatsApp channel here.

Bellingcat has geolocated footage of multiple Tomahawk cruise missiles travelling through Iraqi airspace towards Iran, either in violation of its airspace or with Iraq’s consent.

Bellingcat identified at least 20 individual cruise missiles and geolocated them over Iraqi Kurdistan including alongside Mount Piramagrun, in the Zagros Mountain range, and approximately 50 km southeast of the city of Kirkuk.

Modern Tomahawks can travel up to 1600 km, and are used for precision strikes. At the start of the war, the US had a carrier strike group in the Mediterranean and the Arabian Sea, as well as some independently deployed destroyers.

The US is the only participant in the war known to possess Tomahawks, which can be launched by ships or submarines. US President Donald Trump said at a press conference on Monday that Iran “also has some Tomahawks”. Official ​​government reports on Iran’s military balance don’t support this claim.

Considering the distance of US vessels to the geolocated missiles, the missiles seen in the videos were most likely fired from the Mediterranean Sea, Sam Lair, a research associate at the James Martin Center for Nonproliferation Studies, told Bellingcat.

Red Sea launches would be pushing the maximum range, and US Navy ships were not known to have been in the Persian Gulf at the start of the war, Lair said.

Brian Finucane, a senior adviser with the US Program at the International Crisis Group, told Bellingcat that without the consent of Iraq and Syria, the intrusion of Tomahawk missiles into their airspace “would violate its sovereignty and international law”. 

We asked the US State Department and Department of Defense as well as the foreign ministries of Iraq and Syria, if ​​the US had an agreement with Iraq or Syria to utilise their airspace for cruise missiles targeting a third country. The Department of Defense told Bellingcat they “had nothing to provide” while neither the Iraqi nor Syrian ministry had responded at the time of publication.

On Tuesday, Iraqi Prime Minister Mohammed Shia al-Sudani spoke with US Secretary of State Marco Rubio and stressed that Iraqi airspace and territory should not be used for any military action targeting neighbouring countries, the prime minister’s media office said.

Bellingcat geolocated at least eight videos showing Tomahawk missiles over Iraq. The videos show at least 20 individual Tomahawk missiles, based on the longest uninterrupted video we reviewed.

The below graphic shows all Tomahawk missiles Bellingcat has geolocated, which includes additional missiles identified outside of Iraq.

Click the arrows in the map below to view the verified missile sightings, including the original footage and geolocation analysis.

Interactive map showing the approximate locations of US carrier groups in the region at the start of the war, with a 1600 km range, in relation to Tomahawks geolocated by Bellingcat. We included a possible Red Sea launch point for visualisation, reference and comparison purposes only. The white arrows indicate the location of Tomahawk sightings. Their respective directions of travel are shown by default. All coordinates and directions shown are approximate. Source: Logan Williams/Bellingcat.

These missiles don’t always make it to their intended target. In addition to footage of the airborne missiles, Bellingcat also identified remnants of a Tomahawk missile that had crashed outside Kafr Zita in northwest Syria.

Missiles Fired From the Sea

On the first day of the war, Feb 28, the US Central Command (CENTCOM) published footage of Tomahawk missiles being fired from the sea. Later on March 1, CENTCOM released additional video of the USS Thomas Hudner (DDG-116) firing a Tomahawk missile, while operating in the Eastern Mediterranean Sea. 

According to a Center for Strategic and International Studies (CSIS) analysis, more than 160 Tomahawk missiles may have been used in the first 100 hours of the war, and “they would have been used to destroy Iranian air defenses and other counter-air capabilities and create permissive conditions for follow-on attacks”.

Arleigh Burke-class guided-missile destroyer USS Thomas Hudner (DDG 116) fires Tomahawk land attack missiles in support of Operation Epic Fury, Mar. 1, 2026. (U.S. Navy video)

Tomahawk Flights Through Iraqi Airspace

The footage analysed by Bellingcat showing cruise missiles travelling over land is consistent with the typical flight profile of Tomahawks, which cruise at low altitude along pre-programmed routes toward distant targets. 

Support Bellingcat

Your donations directly contribute to our ability to publish groundbreaking investigations and uncover wrongdoing around the world.

Donate

According to the US Navy, “Tomahawk cruise missiles are designed to fly at extremely low altitudes at high subsonic speeds, and are piloted over an evasive route by several mission tailored guidance systems.”

This explains why they are sometimes filmed by civilians during transit. Similar sightings have previously been recorded during US conflicts in the Middle East. 

Bellingcat analysed terrain features and solar data in the footage and confirmed the location and approximate direction of travel of the Tomahawk missiles. We found that they followed the terrain closely, and appeared to follow two different valleys near the Iraq-Iran border.

The Zagros mountain range stretches across much of Iran as well as northern Iraq. The mountains of this valley would provide details for the Tomahawks’ terrain matching guidance, and hide them from Iranian radar detection.

Click the arrows in the map below to view the verified missile sightings, including the original footage and geolocation analysis.

Interactive map showing the locations of Tomahawk sightings. The missiles were travelling through Iraqi airspace towards Iran in valleys near the Iraq-Iran border, and near Kirkuk. The respective directions of travel are shown (white arrows). All coordinates and directions shown are approximate. Source: Logan Williams/Bellingcat.

Other Geolocated Footage 

In a video filmed in Tehran and posted on the first day of the war, six Tomahawk missiles can be seen flying over the Qurkhane Bus Terminal in Tehran, as an anti-aircraft gun on a nearby building fires at them. Other gunfire can be heard in the distance.

Bellingcat previously geolocated a Tomahawk strike in Manib, Iran, near a school where 175 people, including children, were reported to have been killed.

A final video analysed by Bellingcat, posted on March 3, shows 13 Tomahawk missiles flying past a commercial ship in the direction of Iran, the M/V MAERSK BOSTON, while it was off the coast of Oman, according to solar, visual and Marine Traffic data.

New Tomahawk Variants

Since the beginning of the war, two new variants of Tomahawk missiles have been observed.

One Tomahawk variant seen publicly for the first time, distinguished by its visible black body, believed to be a stealth coating. Other missiles appear to have wings angled forwards, a modification designed to make them harder to detect by radar, according to an analysis by The War Zone.

Clobbering

Sam Lair, a research associate at the James Martin Center for Nonproliferation Studies, told Bellingcat that Tomahawks have GPS guidance and use terrain matching to determine their location. When there is an error in guidance, some missiles can “clobber” and hit the ground.

The US stopped firing Tomahawk missiles over Saudi Arabia during the 2003 Iraq War after some crashed in the country while attempting to strike targets. About ten Tomahawk missiles crashed during that war, with some landing in Iran and Turkey as well.

Bellingcat’s Logan Williams and Felix Matteo Lommerse contributed research to this article. Livio Spani, Anisa Shabir, Afton Briones, Mathis Noizet, and Nicole Kiess from Bellingcat’s Volunteer Community also contributed to this piece.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Tracing Tomahawks: US Missiles Bound for Iran Spotted Over Iraq appeared first on bellingcat.

New video footage shows a US Tomahawk missile hitting an Islamic Revolutionary Guard Corps (IRGC) facility in Minab, Iran, on Feb 28, showing for the first time that the US struck the area.

The footage, released by Mehr News and geolocated by Bellingcat, also shows smoke already rising from the vicinity of the girls’ school where 175 people were reportedly killed, including children.

New video footage shows a US Tomahawk missile hitting an IRGC facility in Minab, Iran, on Feb 28, showing for the first time that the US struck the area. The footage also shows smoke already rising from the vicinity of the girls’ school, where 175 people were reportedly killed. pic.twitter.com/4jBXrNcRJO

— Trevor Ball (@Easybakeovensz) March 8, 2026

The footage would appear to contradict US President Donald Trump’s claim that it was an Iranian missile that hit the school.

The US is the only participant in the war that is known to have Tomahawk missiles. Israel is not known to have Tomahawk missiles.

The red cone superimposed over this image shows the estimated area of impact of the missile visible in the footage. The graphic also shows the position of a clinic, the school and other damaged buildings.

Planet Labs satellite imagery shows that only two structures within this red cone were damaged, including a clinic.

The other structure appears to be an earth-covered magazine or bunker.

Giancarlo Fiorella and Merel Zoet contributed research to this piece.

Bellingcat is a non-profit and the ability to carry out our work is dependent on the kind support of individual donors. If you would like to support our work, you can do so here. You can also subscribe to our Patreon channel here. Subscribe to our Newsletter and follow us on Bluesky here, Instagram here, Reddit here and YouTube here.

The post Video Shows US Tomahawk Missile Strike Next to Girls’ School in Iran appeared first on bellingcat.