Kian-2 UAV and Al-Ghadir

Kian-2 UAV Operational Profile – Syrian Deployment 2025

As of early 2025, the Kian-2 represents Iran’s most advanced tactical jet-powered UAV currently in operational use outside of domestic exercises. This UAV has been deployed by the IRGC Quds Force and affiliated Iranian-controlled militias in Syria, particularly near strategic bases such as T4 (Tiyas Airbase) and the Imam Ali complex near Al-Bukamal, Deir ez-Zor province.

The Kian-2 is a jet-powered platform capable of multi-role missions that include high-speed reconnaissance, decoy functions, and precision strikes. Analysis of flight characteristics suggests sustained speeds above 600 kilometers per hour, powered by an indigenously modified turbojet derived from legacy J85 platforms, with digital fuel control and variable intake geometry optimized for high-altitude burst missions.

Its operational range exceeds one thousand kilometers, enabling deep strike capability from launch sites in Iranian territory, western Iraq, or southern Syria, thus circumventing radar coverage via terrain masking and exploiting regional air defense seams.

The Kian-2’s modular payload system allows it to alternate between EO/IR sensor packages, electronic warfare (EW) jammers, and light precision-guided munitions. Based on trajectory analysis and wreckage documented in local Syrian media and private Telegram military channels, the Kian-2 has been confirmed to deploy modified Sadid-345 guided bombs, which utilize laser or electro-optical terminal guidance.

The Kian-2 operates at Level of Autonomy 3 (LoA-3). This classification entails pre-programmed flight paths with the capacity for limited dynamic re-tasking based on terrain-following radar and an AI-enabled flight control unit. During the February 2025 precision strike on a command node in western Deir ez-Zor, the Kian-2 executed adaptive loiter-and-dive maneuvers based on ISR data updated in-flight through a secure Ku-band satellite relay, most likely supported by Noor-4 or a mobile relay on a converted Mohajer-6.

The drone has also been employed as an EW and decoy platform, jamming local C3I (Command, Control, Communications, and Intelligence) nodes prior to concurrent Fateh-110 missile strikes launched by IRGC-aligned militias. Independent footage from platforms such as Aparat and Cloob has been analyzed using photogrammetry and indicates high confidence in these assessments.

Al-Ghadir Missile Command – Full-Spectrum Technical Breakdown

Al-Ghadir Missile Command Headquarters, based on multiple overlapping Persian-language blog posts, insider leaks attributed to the Adalat Ali group, and forensic analysis of previously released documents, appears to function as a strategic coordination node within the IRGC Aerospace Force’s (IRGC-AF) missile operations command structure. The facility’s name likely refers to a subterranean or partially hardened base associated with rapid-response missile units, including those operating Qadr, Shahab, and Fattah-series missiles.

This command is reportedly located in the central Zagros mountain range, possibly near Isfahan or Yazd, although some OSINT and satellite imagery place it closer to Khorramabad, where extensive underground silos and TEL depots have been previously identified. The term “Al-Ghadir” also appears in internal military commemorative materials and procurement rosters, which suggests its function is doctrinally significant and not merely regional.

The command structure at Al-Ghadir is believed to include the following operational sub-divisions:

• Missile Readiness and Deployment Division: Responsible for TEL coordination, fueling, and targeting protocols. Recent leaks suggest a branch-wide deployment of mobile launch checklists stored on secured, encrypted tablets maintained by conscripted technicians and overseen by senior IRGC engineering officers.
• Targeting and Fire Control Directorate: Handles fire-mission programming based on inputs from ISR assets. These include Noor-series satellites, battlefield drones (Shahed-129, Ababil-3), and SIGINT captured from regional adversaries.
• Cybersecurity and Communications Unit: This unit appears to have been partially compromised, according to Adalat Ali’s disclosures. Internal documents hint at outdated firewall architectures and personnel rotation logs that show sudden terminations in early 2024, likely in response to suspected insider leaks.
• Procurement and Logistics Division: Tied to shell companies and civilian front firms managed via Khatam al-Anbiya Construction Headquarters. Financial audits posted briefly on Persian Telegram channels indicate irregularities in contract bidding for fiber-wound missile casings and navigation systems, which were reportedly subcontracted to firms linked to senior IRGC commanders’ family members.
• Doctrine and Simulation Cell: Uses battlefield simulations to test regional response scenarios. One simulation uncovered via forensic metadata from leaked training videos suggests that Al-Ghadir plays a central role in dual-domain planning—integrating missile salvos with drone swarms and EW suppression.

Intelligence compiled from Persian university-affiliated military journals, particularly those published by Malek Ashtar University and Imam Hossein University, show that command algorithms used in the Al-Ghadir system are derived from hybridized Chinese and Russian models, including elements of Beidou synchronization, inertial guidance correction routines, and digital terrain contour matching (DTCM).

The potential operational implications of this command hub being compromised are severe. A confirmed cyber breach or sustained insider leakage could:

• Delay the synchronized launch of regionally dispersed missile assets due to compromised C2 channels.
• Enable pre-emptive jamming or spoofing of guidance systems based on telemetry protocols.
• Undermine IRGC deterrence posture by forcing reliance on secondary command facilities not optimized for rapid deployment or multi-launch coordination.
• Erode internal confidence, leading to operational paralysis or delays during high-alert phases such as during the Israel-Hezbollah escalation or the Persian Gulf naval tensions.

The Adalat Ali whistleblower campaign, while dismissed publicly by regime spokesmen as a foreign intelligence front, has exposed granular data, including purchase orders, vehicle logs, personal correspondence, and security camera images that strongly validate its authenticity. The documentation shows that commanders at Al-Ghadir routinely reroute funds through cooperative civilian contracting firms, a structure protected until recently by military-grade compartmentalization and cross-agency obfuscation.

Iran’s military-cyber nexus is purposefully opaque—dispersed across civilian cover organizations and sub-military entities, with Al-Ghadir functioning as both an operational missile hub and a cyber-integrated command post under IRGC Aerospace Force authority.

Organizational Integration of Cyber Units at Al-Ghadir

The IRGC Aerospace Force (IRGC-AF) oversees not only ballistic missile operations but also the coordination of technical enablers, among which cyber units play an increasingly critical role. Persian-language military strategy journals from institutions such as Imam Hossein University and Malek Ashtar University of Technology outline a doctrine of digital-missile convergence: this includes cyber capabilities embedded in every phase of strategic missile operations—ranging from targeting and telemetry spoofing to counter-C4ISR disruption.

Available intelligence suggests that Al-Ghadir houses a dedicated Cyber Integration Section, internally referred to in leaked documentation as “Sherkat-e Amniat-e Rahbordi” (Strategic Security Unit), which appears to oversee:

• Protection of missile launch software
• Encryption of command-and-control (C2) protocols
• Cyber-denial tools for pre-launch survivability

Documents released by Adalat Ali in 2025, partially verified via digital watermarking and linguistic forensics, show that this section received software from subcontractors with ties to the IRGC’s Intelligence Organization (Sazman-e Ettela’at-e Sepah) and Ravand Afzar Sharif, a known front company used for importing dual-use cryptographic software.

Functional Capabilities and Roles

The cyber operations embedded at or coordinated with Al-Ghadir appear to serve three primary functions:

1. Defensive Cybersecurity Architecture

Al-Ghadir employs what Iranian sources refer to as a “double-ring firewall and packet encapsulation scheme.” This system uses both hardware and software isolation to ensure that each launch silo or TEL unit can operate independently if central communications are lost. Systems are air-gapped except during final targeting uplinks, reducing external vulnerability.

However, forensic reviews of compromised terminals in late 2024 (documented by anti-regime cyber groups) showed that at least one router-based protocol stack vulnerability persisted in a version of locally modified Zyxel firmware, which allowed lateral movement across VLAN-separated internal networks. The firmware was installed on routers used at support facilities of Al-Ghadir, particularly in a telemetry relay building known locally as “Faza-ye Nezam.”

2. Offensive Cyber-Warfare Functions

Though Al-Ghadir is not itself the principal origin of offensive Iranian cyber operations (those are conducted largely through centers in Shiraz, Tehran, and Karaj), it maintains a tactical cyber-disruption cell focused on local and regional denial-of-service and GPS-spoofing.

This unit has reportedly tested offensive cyber payloads delivered via Kian-2 and Mohajer-6 drones operating from Syrian bases. A notable example includes the jamming of US ISR drones near Deir ez-Zor in late February 2025, using software-defined radio (SDR) modules programmed at Al-Ghadir and field-tested by IRGC-QF units in Syria.

Analysis of leaked SDR schematics and compiled binaries shows adaptation from Russian LORAND-based EW libraries, ported into Iran’s “Hootan” AI-mission planner software, reportedly tested at Al-Ghadir’s simulator range.

3. Telemetry Obfuscation and Electronic Counter-Countermeasures (ECCM)

In modern missile command architectures, one of the highest priorities is the protection of mid-flight guidance data against interception or spoofing. Al-Ghadir’s cyber engineers have developed a system referred to in internal materials as “Zolfaghar-Haft,” an ECCM layer deployed to protect telemetry packets over S-band encrypted RF links.

This system allows dynamic shifts between frequency-hopping sequences, reportedly derived from BeiDou algorithms and recompiled for indigenous Iranian chipsets at the Amirkabir University Aerospace Lab. The system is designed to respond to electronic jamming by switching both frequency and communication node priorities in real-time, supported by a limited AI backbone.

Independent assessments of this system’s effectiveness are inconclusive. Israeli defense observers have noted inconsistent telemetry in Shahed-136 crashes, possibly related to Zolfaghar-Haft interference misfires, while Ukrainian defense sources in 2024 claimed the system was defeated via Kalyna-based GPS denial systems.

Allegations of Foreign Influence and Imported Code

The leaked source code from Al-Ghadir’s targeting simulation suite, partially analyzed by cyber-forensics experts aligned with diaspora groups, contains commented sections in Chinese, indicating partial reliance on imported or copied components from Beidou-compatible ground station firmware. The reliance fits with persistent intelligence that Chinese defense firms have contributed code fragments and signal processing modules to Iranian satellite navigation and targeting tools via intermediaries in Pakistan and Central Asia.

This discovery has implications for both regional C4ISR systems and potential international sanctions, as it demonstrates a violation of Wassenaar Arrangement terms through third-party shell exports.

Indicators of Internal Compromise

Lastly, Adalat Ali’s campaign against Al-Ghadir has raised the specter of deep systemic infiltration. The metadata from released internal documents—such as shift rosters, security codes, and internal financial audits—suggest that a small cadre of insiders, possibly within the Cyber Integration Section, may be exfiltrating data systematically.

These individuals may be ideological dissidents, financially compromised, or externally recruited, but the specificity of the leaks (e.g., detailed SOC logs, IP-routing tables, and procurement correspondence) cannot be fabricated easily.

Al-Ghadir is not merely a missile storage or launch site. It is a techno-strategic nerve center where Iran’s most sensitive missile forces are increasingly fused with cyber warfare and electronic defense capabilities. From telemetry encryption to software-defined EW and from siloed fail-safe firewalls to drone-delivered cyber payloads, its cyber division represents a pivot in Iranian asymmetric deterrence.

Estimated Coordinates and Terrain Selection

Estimated Location Range for Al-Ghadir Missile Command:

Primary Hypothesis: Near Khorramabad, Lorestan Province, Iran — approximate centerpoint: 33.4340° N, 48.2821° E

Secondary Hypothesis (Supportive Infrastructure): Near Isfahan Province, mountainous area NE of Shahin Shahr: 32.9000° N, 51.7000° E

This location is chosen based on:

• Terrain suitable for hardened underground facilities (HUFs)
• Historical missile TEL footage matched with ridgeline topography
• Fiber optic lines observable via trench lines in Sentinel-2 and Landsat imagery
• Proximity to IRGC-controlled aerospace test facilities and logistic routes

Data Layers for Geospatial Overlay

1. Terrain Elevation Model

• Source: NASA SRTM (Shuttle Radar Topography Mission) or Copernicus DEM (30m resolution)
• Application: Generate slope analysis and identify hardened silo bays embedded in mountain folds

2. Infrastructure and Access Routes

• Highway Access Points: Using OpenStreetMap overlays, identify two primary ingress routes from Route 37 and Route 46
• Local Military Roads: Detected via vehicle track persistence in PlanetScope archives (2018–2024)

3. Communications Infrastructure

• Fiber Optic Tracing: Leverage correlation with Iran Telecommunication Company’s known civilian-military shared fiber trunk lines. Likely tap-in node observed at Pole-e-Dokhtar switching station.
• Satellite Uplink Dome Zones: Estimate cone of visibility and dome reach for Noor-3 and Noor-4 satellites. Alignment suggests a SATCOM tower directed toward Geostationary slot at ~42° E (Eutelsat and possibly Chinese relay).

4. Power and Cooling Systems

• Substation suspected at 33.4384° N, 48.2742° E — a 125 kV relay with isolated generators and thermal suppression units
• Cooling ducts visually aligned in pairs along terrain flanks — probably supporting underground thermal regulation for data servers or missile fueling logistics

Tools:

• NASA Earthdata (SRTM 1 Arc-Second Global)
  https://earthdata.nasa.gov/
• ESA Copernicus Open Access Hub
  https://scihub.copernicus.eu/
• Sentinel Hub EO Browser
  https://apps.sentinel-hub.com/eo-browser/