Experts believe HAYI may be a facade for Iranian-coordinated operations, using social media to recruit individuals for low-cost, deniable attacks.
Authorities warn of a growing trend of 'gig-economy' terrorism, complicating attribution and heightening security risks for European and Western interests.
With Iran's old proxies failing, is 'gig terrorism' its new global strategy?
Will the US-Iran ceasefire survive these deniable proxy attacks across Europe?
How can Europe stop teenagers from being hired for terror attacks via Snapchat?
Is AI-powered crypto fundraising the unstoppable future of global terrorism?
Is Western society prepared for terrorism outsourced like a gig economy job?
Can states be held responsible for attacks they inspire but do not command?
Unmasking HAYI: How Iran’s Proxy Uses Gig-Economy Tactics to Fuel Terrorism in Western Europe
Overview
Between March and April 2026, Western Europe experienced a surge in attacks targeting Jewish communities and American sites, linked to the newly emerged group HAYI. This wave followed a U.S.-Israeli military campaign against Iran and was preceded by warnings of possible retaliatory strikes. HAYI operates using a decentralized "gig-economy" model, recruiting individuals via encrypted apps to carry out low-level attacks for small payments, blending terrorism with local crime. While digital evidence connects HAYI to Iranian proxies, inconsistencies and amateurish tactics create uncertainty about direct Iranian control. European nations responded with enhanced security and cross-border cooperation, but the evolving threat challenges traditional counterterrorism methods and highlights the growing role of hybrid warfare and technology in modern conflicts.