INTELBRIEF
May 7, 2025
Threading a Precarious Geopolitical Posture, Iran Seeks to Wreak Havoc in Europe
Bottom Line Up Front
- The threat of Iranian state-sponsored illicit activities in Europe is heightened, driven by the regime’s interest in silencing opposition, projecting power, and countering perceived adversaries.
- The large-scale counterterrorism and counterthreat operations in the UK on Sunday, resulting in the arrest of multiple Iranian nationals suspected of acting on behalf of Tehran, underscore the immediacy and severity of the threat.
- Tehran employs a multipronged strategy utilizing its state institutions as well as local criminal proxies to execute its operations in Europe and maintain plausible deniability.
- Iranian state-sponsored activities in Europe come at a time of geopolitical uncertainty, with Tehran’s regional proxies battered and nuclear talks with the U.S. proceeding, albeit haltingly.
Earlier this week, the United Kingdom's Counter Terrorism Command executed two separate, major operations resulting in the arrest of eight individuals, predominantly Iranian nationals suspected of being engaged in illicit state-backed activities. The first operation saw five men detained on suspicion of preparing a terrorist attack. Some reporting preliminarily suggests that the plot may have targeted a Jewish site, aligned with other recent Iranian activities on European soil. Concurrently, a separate counterterrorism police investigation led to the arrest of three Iranian men in London, related to state-sponsored activities, most probably directed by Tehran. Since the beginning of 2022, UK authorities have responded to over 20 Iran-backed plots presenting potentially lethal threats to residents. These latest arrests highlight a sustained campaign of Iranian threat activities in Europe, against a backdrop of an uncertain outcome for U.S.-Iran nuclear talks and a new spike in Israel-Iran tensions after the Houthis successfully cratered the perimeter of Ben Gurion Airport in Israel on Sunday, and the Israelis responded by bombing Yemen directly.
Iranian intelligence services, primarily the Islamic Revolutionary Guard Corps (IRGC) and the Ministry of Intelligence and Security (MOIS), have for years focused heavily on silencing regime critics abroad through a slew of external operations. Iranian dissidents as well as Jewish and Israeli targets have been prime targets throughout Europe, with myriad surveillance campaigns and terrorist plots exposed and thwarted.
In addition to its own operatives, Tehran has increasingly leveraged local criminals and proxy agents to avoid direct involvement in its external operations in Europe. This method permits leveraging the existing logistics and manpower of local criminal networks and simultaneously mutes the immediate risk to Iranian operatives.
In response to this crystallizing criminal nexus, the United States moved to sanction the Sweden-based transnational criminal organization Foxtrot Network in March. Predominantly known for its gun violence and role in the narcotics trade in Europe, the Foxtrot Network and its leader, Rawa Majid, were sanctioned by the U.S. for their involvement in plots against Jewish and Israeli targets in Europe on behalf of Tehran. Specifically, the organization was involved in the thwarted attack on the Israeli Embassy in Stockholm in January 2024. According to the Mossad, Israel’s intelligence service, the group’s leader Majid was recruited by Iran to plan attacks on European soil after he fled there from Türkiye in September 2023. Multiple criminal gangs have been recruited by Tehran. According to the Swedish Security Service, Foxtrot’s rival criminal organization Rumba plotted several other attacks on the Israeli Embassy in Stockholm over the past year, often featuring the involvement of young teenagers unaware of who was directing them. Other recent Tehran-directed plots in Europe also involved various types of criminals and criminal organizations, including two Balkan-origin criminals, a human smuggler, a Turkish drug trafficker, and the infamous Mocro Maffia, a drug trafficking cartel based in the Netherlands.
Alongside its physical operations, Tehran has developed a significant arsenal of cyber capabilities to interfere in Europe and beyond, often with the primary objective of transnational repression. In Germany, for example, Iranian state-sponsored groups such as APT42 and MuddyWater targeted Germany-based journalists, politicians, and academic institutions between 2022 and 2024, using social engineering techniques to infiltrate targets. Earlier this year, it was revealed that Hannah Neumann, a Member of the European Parliament and head of the delegation working on EU-Iran relations, was the victim of an attempted attack by APT42. Iran-backed hackers used a typical spear phishing method, posing as Iran expert Matthew Levitt to send Neumann a purported sensitive document that would install malware on her devices if opened, likely to be used to exfiltrate data.
The current geopolitical posture of Iran may lead to a further escalation of its external operations on European soil. Its leadership faces domestic discontent, a grinding sanctions-driven economic crisis, and a renewed intensification of tensions with Israel after the strike on Sunday by a Houthi missile that cratered the perimeter of Ben Gurion Airport and led to counterstrikes by Israel. While the Houthis remain as active as ever, key components of Iran’s forward defense doctrine, i.e., its Axis of Resistance, have been battered over the past year by Israeli and U.S. operations and, in particular, by the fall of the Assad regime in Syria. At the same time, the outcome of U.S.-Iran nuclear talks is uncertain in light of Washington’s demand for “total dismantlement” of Iran’s uranium enrichment program. Tehran has repeatedly made clear that eliminating its enrichment program is not negotiable. Europe may thus continue to be an appealing venue for Tehran to stage deniable, symbolic reprisals as it seeks to compensate for its setbacks in the Middle East region. Additionally, its marriage of opportunity with criminal networks in Europe may only strengthen as Tehran seeks to pressure Europe not to invoke the UN sanctions snapback mechanism under UN Security Council Resolution 2231, which endorses the 2015 Joint Comprehensive Plan of Action (JCPOA). This mechanism allows for the re-imposition of all UN sanctions on Iran if it is deemed to be in significant non-compliance with the agreement.
The asymmetric costs of such activities may further appeal to the sanctioned regime: modest investments and the lack of direct Iranian involvement force adversaries to expend disproportionate resources on security, intelligence, and counterterrorism, but also limit the potential for strong retaliation from Europe against Iran. Nevertheless, continued external operations may spectacularly backfire for Tehran, as the isolated country seeks to patch up its regional posture and maintain leverage in the nuclear talks.