Hybrid Warfare Background

There is no one universally accepted definition of hybrid warfare.

Frank Hoffman helped popularize the term in 2007, when he argued that the United States would face a new kind of ‘hybrid’ threat in the 21st century, one where state and non-state antagonists would target US vulnerabilities using any and all tactics available to them. These earliest discussions focused on how irregular and hybrid tactics could be used to undermine US conventional military power.

Hoffman’s ideas were later taken up and built upon by Russian strategists. General Valery Gerasimov’s ‘New Generation Warfare’ (NGW). NGW develops themes that are now familiar in contemporary hybrid warfare; for example, the importance of information warfare in the Internet age, the utility of proxy forces, and employing cyberattacks and sabotage to target critical energy and financial infrastructure. And importantly: hybrid tactics are integrated into conventional military structures and deployed in times of war and peace.

In the contemporary context, NATO defines hybrid warfare as “threats combine military and non-military as well as covert and overt means, including disinformation, cyber attacks, economic pressure, [and] deployment of irregular armed groups… hybrid methods blur the lines between war and peace, and attempt to sow doubt in the minds of target populations. They aim to destabilize and undermine societies.”

This NATO definition captures the essence of hybrid warfare in the contemporary context: hostile acts that take place outside the scope of conventional inter-state conflict, with the intention of weakening an adversary, whether politically, economically, or militarily. Such operations can be performed by state or non-state actors, and they can serve as either a prelude or alternative to conventional war.

Hybrid Warfare in Practice

Cyberattacks

China-backed Salt Typhoon. Salt Typhoon breached routers, switches, and lawful intercept systems containing law enforcement surveillance requests from 2022 (latest) to its discovery in 2024. It’s believed that the China state-backed group gained access to call records, message contents, and communication metadata, such that US Senator Mark Warner called the breach the “worst telecom hack in our nation’s history.” More information on Salt and the other China cyberattack ‘typhoons’ can be found here.
Russia-backed Qilin. From January to November 2024, Qilin breached and published 135 databases, amassing over 32 terabytes of maliciously usable personal data. Targets have ranged from local governments, such as Upper Merion Township in Pennsylvania, USA, to multinational corporations. More information on Qilin and other hacking groups in the Russian space can be found here.

Sabotage

Underseas Cable Sabotage. Several incidents of sabotage were reported involving underseas cables and pipelines in the Baltic Sea from 2022-2025. Though Russia-linked actors have been suspected in some cases, investigators have been unable to prove Moscow’s culpability. The incidents prompted a conventional military response in NATO’s ‘Baltic Sentry’ mission launched in early 2025.
Europe Arson Attacks. Various arson and bombing attacks across Europe signal an escalation in hybrid warfare tactics after 2024. Two notable incidents are the burning down of the Marywilska 44 mall in Warsaw in May 2024 and the DHL package explosions in Birmingham, Leipzig, and Warsaw two months later. Notably, both incidents involved Russian military intelligence recruiting locals to carry out the attacks using financial rather than ideological incentives.

Disinformation

Rise, Fall, and Reinvention of Russia Today. RT, or Russia Today, is a state-owned media company that broadcast Russian views around the world in local languages, until it was banned in most Western markets following Russia’s invasion of Ukraine. But as a previous Geopolitical Monitor article argues, RT content – much of which carries a distinct anti-West bias – continues to be disseminated through alternative channels. RT is not alone, and as a soft power tool is somewhat comparable to China’s Global Times or the United States’ Radio Free Europe, with a key and important distinction being their varying degrees of editorial freedom.
Conflict Disinformation in Real-time. The brief military conflict between India and Pakistan in early 2025 saw another evolution in hybrid warfare, as state-linked entities on both sides sought to flood the online space with favorable narratives on how the war was progressing.

Latest Hybrid Warfare News & Analysis

How US Cable Security Policy Is Restructuring Indo-Pacific Digital Infrastructure

Situation Reports - May 26, 2026

Underseas anchor, Generated by Google Gemini AI on May 25, 2026. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

It’s not just economics but geopolitics that’s guiding cable infrastructure decisions in the Indo-Pacific, and what’s being decided now will reverberate for decades to come.

We See You: Britain’s New Posture on Russian Cable Threats

Situation Reports - Apr 22, 2026

Underwater UAV spotlight, Generated by Google Gemini AI on April 20, 2026. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

Britain's decision to publicly announce Russian submarine activity near its cables marks a shift from covert monitoring to deterrence-through-visibility. This is a posture shaped as much by legal constraint as strategic choice.

Distributed Risk: Open-Source Software as Strategic Infrastructure

Situation Reports - Apr 13, 2026

Generated by Google Gemini AI on April 13, 2026. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

The 2024 XZ incident illustrates how open-source software (OSS) has become strategic infrastructure in the global economy, opening up new strategic vulnerabilities and new pathways to geopolitical leverage.

Russia’s Gray Zone Warfare Campaign in Europe

Backgrounders - Feb 19, 2026

Generated by Google Gemini AI on February 18, 2026. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

In an ongoing effort to sow social discord and create political costs for supporting Ukraine, Moscow is pushing the envelope on gray zone warfare. This backgrounder examines the costs and benefits of the Kremlin’s campaign, highlighting some of the most notable incidents of arson and sabotage on the continent.

Why Venezuela’s Air Defenses Never Fired

Situation Reports - Jan 14, 2026

S-300 Venezuela abstraction, Generated by Google Gemini AI on January 12 2026. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

The Venezuelan operation vividly illustrates how 21st century warfare is increasingly defined less as a clash of forces than as an asymmetric competition between decision architectures.

Geopolitics Weekly (Ukraine Peace Talks, Poland Sabotage, Saudi F-35s)

Forecasts - Nov 24, 2025

This week we cover the corruption scandal in Ukraine which triggered the latest round of ongoing peace efforts, new suspected hybrid warfare attacks in Poland, the sale of a new missile defense system to Taiwan, and the long-resisted approval of F-35 sales to Saudi Arabia.

Russian Airspace Violations Demand Firm NATO Response

Opinion - Sep 29, 2025

cc Andrei Shmatko , modified, https://commons.wikimedia.org/wiki/File:Mikoyan-Gurevich_MiG-31BM_bn99_2020.jpg

Amid mounting airspace violations on the alliance’s eastern flank by Russian drones and jets, it’s time for NATO to respond on its own terms, rather than the Kremlin’s.

Hybrid Warfare in NYC? Takeaways from the UN SIM Network

Situation Reports - Sep 25, 2025

Generated by Google Gemini AI on September 25, 2025. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

The discovery of a cache of malicious networking equipment in New York City over the weekend could represent a significant development in the ongoing evolution of hybrid warfare.

“War Without Harm”: China’s Hybrid Warfare Playbook Against Taiwan

Situation Reports - Sep 16, 2025

Generated by Google Gemini AI on September 15, 2025. All flags, maps, and likenesses contained within this image are not necessarily accurate representations of reality.

Beijing’s ideal unification scenario is a ‘war without harm’ – Taiwan’s unconditional surrender in the face of overwhelming hybrid warfare and military pressure. Here’s what this scenario might look like, and what Taipei can do to prepare.

The Other Archipelago: Latin America’s Gray-Zone Conflicts in a Multipolar World

Opinion - Aug 21, 2025

China ships at Whitsun reef, South China Sea, cc Philippine Coast Guard (PCG), / The BRP Cabra of the Philippine Coast Guard and two vessels of the Bureau of Fisheries and Aquatic Resources approaches Chinese-flagged ships at Whitsun Reef (known as Julian Felipe Reef in the Philippines) on April 13, 2021 during maritime patrol operations. /https://commons.wikimedia.org/wiki/File:Chinese_Ships_at_Whitsun_Reef_Apr_13,_2021.jpg

The gray-zone tactics of the South China Sea have come to Latin America. So too should the maritime flashpoint’s most enduring lesson: presence, not principle, determines control.

The Weaponization of Migrants Is Undermining the EU and its Allies

Opinion - Jul 15, 2025

The barrier hinders illegal border crossings, provides reaction time for the Border Guard, and serves as protection for Polish authorities against aggressive actions by illegal migrants and Belarusian regime forces. Its full functionality will be achieved after equipping it with electronic systems (motion sensors, cameras). / modified / Kancelaria Prezesa Rady Ministrów / https://commons.wikimedia.org/wiki/File:20220630_Zapora_na_granicy_polsko-bia%C5%82oruskiej_004.jpg

If Brussels hopes to confront the threat posed by irregular migration from Russia and Belarus, it must work collaboratively with its members to prevent this new form of hybrid warfare from overwhelming frontline EU states.

Israel Hybrid Warfare in Gaza: Regular Goals, Combined Means

Situation Reports - Jun 27, 2025

CC https://t.me/idfofficial/4717, MODIFIED, IDF soldiers preparing for ground activity in Gaza

Israel has adopted a combined approach in Gaza, blending conventional and hybrid warfare. But the strategy is not without risk.

Unsecured Fronts: How Hybrid Warfare Influences Strategic Competition

Situation Reports - Jun 25, 2025

An MQ-1 Predator unmanned aerial vehicle and F-16 Fighting Falcon return from an Operation Iraqi Freedom combat mission. Both aircraft provide intelligence, search and reconnaissance gathering features, as well as munitions capability to support ground troops and base defense. (U.S. Air Force photo/1st Lt. Shannon Collins)

Hybrid warfare is changing the nature of modern conflict, and it’s being facilitated by three trends: evolving technology, political apathy, and proximity to critical infrastructure.

Typhoon Watch: China Cyber Espionage Comes of Age

Backgrounders - Jun 24, 2025

This report examines how China cyber espionage has been evolving over the past decade, from the critical infrastructure risk of Volt Typhoon to the more recent Salt Typhoon, described as the ‘worst telecom hack in US history.’

China Merchant Marine: A Tool of Political Power Projection

Situation Reports - Apr 02, 2025

Chinese ships at Whitsun Reef; cc Philippine Coast Guard/National Task Force-West Philippine Sea (Handout via Reuters) - Both are government bodies under the Philippine government., modified, https://commons.wikimedia.org/wiki/File:Chinese_vessels_at_Whitsun_Reef.webp

Where conventional merchant marines are typically commercial outfits that can be repurposed for military logistics in times of war, China’s merchant marine is political by design.

Russia’s Shadow Fleet: A Masterclass in Sanctions Evasion

Backgrounders - Mar 27, 2025

Ship Name: BRO NISSUM / Ship Type: Oil Products Tanker. The tanker is mainly used for the transport of petroleum products. / Photo illustrative; ship is not part of Russia's shadow fleet / cc r W. Bulach, modified, https://commons.wikimedia.org/wiki/File:00_0558_Oil_tankers.jpg

Russia’s shadow fleet has blunted the impact of Western energy sanctions, and other sanctioned states will seek to duplicate the trick in the future.

Undersea Cables Latest Target of China’s Hybrid Warfare Strategy

Situation Reports - Jan 09, 2025

cc COMSEVENTHFLT, modified, WATERS TO THE SOUTH OF JAPAN (April 2, 2015) - Sailors assigned to the submarine tender USS Frank Cable (AS 40) man the rails as they pass Mount Suribachi following a wreath-laying ceremony commemorating the 70th anniversary of the Battle of Iwo Jima. The ceremony honored those who fought in the battle and included personal testimony from Sailors who had family fight in the battle, laying of a wreath, a 21-gun salute and the playing of taps. Frank Cable, forward deployed to the island of Guam, conducts maintenance and support of submarines and surface vessels deployed in the U.S. 7th Fleet area of responsibility and is currently on a scheduled underway period. (U.S. Navy photo by Mass Communication Specialist 2nd Class Greg House)

The severing of undersea cables in the Baltic Sea and off the coast of Taiwan echo the ongoing evolution in the hybrid warfare strategy of China, a likely culprit behind the sabotage.

Mercenaries of Influence: How Russian PMCs Redefined Power Projection

Situation Reports - Oct 16, 2024

Russian PMCs have helped the Kremlin expand its global alliances and secure critical minerals, and all at a relatively low cost. They will remain a feature of Russian foreign policy unless countered by Washington.

South China Sea Dispute: China’s Gray Zone Tactics Backfiring

Situation Reports - Apr 18, 2024

https://www.defense.gov/Multimedia/Photos/igphoto/2003211860/

Major advances in US-Philippines cooperation, backed by growing involvement from Japan and Australia, are neutralizing the gray zone tactics that have helped China alter the map of the South China Sea.

The West Should Help Expand Ukraine’s Cyber Offensive against Russia

Opinion - Mar 20, 2024

cc ∁ormullion, modified, https://flickr.com/photos/153311384@N03/40245487334/in/photolist-24jmDfE-49XqW-25khDLG-8yVrmq-25khDZY-53rCMY-2xFUNZ-6cpy1W-6ckpCk-6cpxvN-ueYi2-MzYNbo-r2ouJ-5Qsi5D-nF38Ms-6iJm2j-HwpsH5-4yCd2R-6QMd9d-2iuT9hc-akTYBs-25khDEQ-24jmFL1-2kUftvb-HgfCrQ-27ecoJ9-25khEVf-24jmGah-7cDUM1-2pmweND-25khEiU-JX7xnR-65Vn5r-6732ag-25khFcs-25khExw-5MtyVS-25khEaY-Tqqf9W-dnYgk-9DiqTx-25khFQb-bw7vvB-57vWvH-pHXq6-2P2z2Y-Y1iu3Y-8JX9FJ-aNCgQ2-2j9jZSZ

Support for Ukraine on the cyber front will assist a key ally, allow for the development of best practices in a new field of warfare, and deter future cyber attacks from other hostile states.