New Delhi: Indian security agencies believe several terror-linked modules allegedly operated by underworld networks at the behest of Pakistan's Inter-Services Intelligence (ISI) may have been used as a diversion to draw attention away from a larger planned attack in Jammu and Kashmir.

The assessment follows a series of investigations over recent months that led to the arrest of several young recruits allegedly drawn into the networks through social media platforms. During the probes, the names of underworld figures Dawood Ibrahim, Shahzad Bhatti and Ajmal Gujjar surfaced.

Initial investigations suggested that some of the modules were preparing attacks in Delhi and Mumbai. However, intelligence agencies now suspect that these networks may also have been part of a broader strategy designed to distract security agencies from a more significant terror plot targeting Jammu and Kashmir.

A senior Intelligence Bureau official said the wider objective appeared to be a major strike in the Union Territory.

"It is a fact that the underworld has set up multiple modules in the country. Some of these networks may have been intended only to create confusion and divert attention away from a possible attack in Jammu and Kashmir," the official said.

Recruitment focused on technical skills

Investigators found that the underworld-linked networks had targeted individuals with specific technical expertise, including mobile phone mechanics, computer specialists and CCTV technicians.

The pattern first emerged after police uncovered a module operating from Faridabad. According to investigators, members of the group had installed solar-powered CCTV systems at sensitive and crowded locations.

At the outset, agencies believed the network was planning attacks in major cities such as Delhi and Mumbai. Further examination, however, pointed towards a larger conspiracy involving Jammu and Kashmir.

Intelligence inputs indicated that the ISI was attempting to engineer an attack resembling the Pulwama and Pahalgam incidents.

Officials said the recruitment strategy differed from previous operations.

"The modus operandi adopted this time was different. The recruits were all Indian nationals, and religion was not a factor in their selection," officials said.

According to investigators, the ISI allegedly sought to recreate the impact of Pulwama and Pahalgam while relying on Indian operatives as the primary executors.

Officials also noted that handlers did not appear to focus on recruiting people from Jammu and Kashmir.

"Recruiting local residents from Jammu and Kashmir would have immediately attracted suspicion and increased the chances of the network being exposed," they said.

Security remains on high alert

Security arrangements in Jammu and Kashmir remain at the highest level following the Pahalgam attack and Operation Sindoor, during which Indian armed forces targeted and destroyed terror infrastructure linked to Lashkar-e-Tayiba and Jaish-e-Mohammad, an official said.

The official added that while the ISI continues attempts to revive or establish home-grown terror networks in Jammu and Kashmir, such efforts are currently being carried out discreetly.

According to officials, Pakistan remains keen to keep the Kashmir issue active despite facing internal challenges following unrest in Balochistan, Khyber Pakhtunkhwa and Pakistan-occupied Kashmir.

Another intelligence official warned that agencies must remain vigilant for the emergence of additional modules allegedly linked to figures such as Bhatti and Dawood.

The official said these networks were allegedly attempting to establish multiple cells capable of targeting Indian cities. At the same time, some modules may have been intended to serve as distractions while another group carried out an attack in Jammu and Kashmir.

Faridabad module under scrutiny

Investigators examining the Faridabad module found that its members had allegedly planned to install CCTV systems at railway stations along the Delhi-Jammu route to monitor military movements.

The recruits had also travelled to Pulwama and were accused of passing sensitive information to handlers based in Pakistan.

According to officials, these findings suggested that the module's role was to gather detailed intelligence from Kashmir to facilitate an attack similar to those seen in Pulwama and Pahalgam.

The investigation into the network and its alleged links to Pakistan-based handlers remains ongoing.