Hybrid warfare is the coordinated use of military and non-military tools — including cyber attacks, disinformation, economic coercion, sabotage, proxy forces, and covert action — to achieve strategic objectives while remaining below the threshold of conventional armed conflict. The defining feature is not any single method, but the deliberate integration of multiple domains simultaneously, designed to exploit the seams between a target state’s military, political, economic, and information defenses.
The term entered mainstream military discourse through the work of U.S. Marine Corps officer Frank Hoffman, who in 2007 defined hybrid wars as conflicts incorporating “a range of different modes of warfare, including conventional capabilities, irregular tactics and formations, terrorist acts including indiscriminate violence and coercion, and criminal disorder.” But the practice is far older than the label. What distinguishes the modern iteration is the scale, speed, and technological sophistication with which state actors — particularly Russia, China, and Iran — now orchestrate campaigns across every domain of competition.
Within the broader field of irregular warfare, hybrid warfare occupies a contested but increasingly central position. Some scholars argue that it is simply old wine in new bottles — states have always combined military and non-military tools. Others contend that the integration of cyber capabilities, social media manipulation, and globalized economic leverage has created something qualitatively new. The debate matters less than the reality: hybrid warfare is the dominant form of state-on-state competition in the twenty-first century, and understanding its mechanics is essential for anyone studying conflict, defense, or resistance.
Origins: Gerasimov and the “Doctrine” Debate
The modern discussion of hybrid warfare accelerated after a 2013 article by Russian Chief of the General Staff Valery Gerasimov, published in the Russian military journal Voyenno-Promyshlennyy Kurier. Gerasimov argued that the distinction between war and peace was blurring, that non-military means could achieve strategic objectives previously requiring armed force, and that the “rules of war” had fundamentally changed. He presented an eight-phase model of conflict in which information operations, economic pressure, and political subversion preceded any conventional military action — and in which information warfare operated continuously across all phases.
Western analysts quickly labeled this the “Gerasimov Doctrine” — a framework that seemingly explained Russia’s subsequent actions in Crimea and eastern Ukraine. But the label is misleading. Mark Galeotti, the scholar who coined the phrase, later acknowledged that Gerasimov was arguably describing how he perceived Western powers waging conflict through the Arab Spring and color revolutions, rather than prescribing a Russian strategy. Russian military thinkers like Chekinov and Bogdanov had been developing similar ideas independently. Nevertheless, the concept proved useful for understanding the coordinated campaigns that followed — and the term stuck.
NATO adopted its own framework after Russia’s annexation of Crimea in 2014, establishing the European Centre of Excellence for Countering Hybrid Threats in Helsinki in 2017. The EU has increasingly used the term in official documents. By 2025, the president of the European Commission told the European Parliament that it was time to identify Russia’s campaign for what it was — hybrid warfare — and to respond accordingly.
The Five Domains of Hybrid Warfare
What distinguishes hybrid warfare from earlier forms of irregular conflict is the simultaneous employment of tools across multiple domains, coordinated at the strategic level. These domains are not used sequentially — they operate in parallel, creating compounding effects that overwhelm an adversary’s ability to respond through any single channel.
1. Information and Psychological Warfare
The foundation of hybrid warfare. Disinformation campaigns, propaganda, media manipulation, and narrative warfare are used to shape public perception, erode trust in institutions, polarize societies, and create confusion about what is actually happening. In the Gerasimov model, information warfare is the only tool used across all eight phases of conflict. Russia’s Internet Research Agency operations targeting the 2016 U.S. election, the industrial-scale disinformation surrounding the invasion of Ukraine, and China’s “wolf warrior” diplomacy all exemplify this domain. For practical countermeasures, see the Countering Misinformation page in the Resistance Toolkit.
2. Cyber Operations
Cyber warfare encompasses attacks on critical infrastructure — power grids, communications, financial systems — as well as espionage, data theft, and the disruption of military command-and-control networks. Russia’s 2015 and 2016 attacks on Ukraine’s power grid, the NotPetya malware (2017), and ongoing attacks on European government systems demonstrate how cyber tools can cause kinetic-level damage without crossing the threshold of armed conflict. Cyber operations are also the primary enabler of information warfare, providing the data and access needed to conduct influence campaigns at scale. The Digital Security & Privacy guide covers the defensive dimension.
3. Economic Coercion
The weaponization of trade, energy, debt, and financial systems to coerce target states without military action. Russia’s repeated use of gas supply cutoffs to European states, China’s economic pressure on Australia, South Korea, Lithuania, and Taiwan in response to political disagreements, and the strategic creation of infrastructure dependencies through initiatives like China’s Belt and Road are all expressions of this domain. Energy dependence — the vulnerability that Nord Stream both created and then demonstrated — is the paradigmatic example.
4. Sabotage and Physical Disruption
Covert physical attacks on critical infrastructure — undersea cables, pipelines, rail networks, energy systems, logistics hubs — designed to create chaos, impose costs, and demonstrate vulnerability. This domain has escalated sharply since 2022. Intelligence reports confirm a four-fold increase in Russian sabotage operations across Europe in 2024 compared to the previous year, with the surge accelerating into 2025 and 2026. The Baltic undersea cable campaign, Finnish rail sabotage near NATO bases, and arson attacks on logistics depots across Poland and Germany all fall within this domain. For a detailed analysis of how sabotage functions as a hybrid tool, see our dedicated article on sabotage in hybrid warfare.
5. Proxy Forces and Covert Action
The use of non-state actors, mercenaries, intelligence operatives, and “disposable agents” to conduct operations that maintain plausibility of deniability for the sponsoring state. Russia’s use of unmarked soldiers (“little green men”) in Crimea, its recruitment of agents via Telegram to conduct sabotage across Europe, Iran’s network of militias across the Middle East managed through the Quds Force, and China’s use of fishing flotillas to enforce territorial claims all represent this domain. The significant expulsion of Russian intelligence officers from Europe since 2022 forced Moscow to increasingly rely on low-level agents — often recruited online, sometimes with criminal backgrounds — reducing professionalism but maintaining operational tempo.
// The Five Domains of Hybrid Warfare
How State Actors Wage War Below the Threshold
Each domain reinforces the others. The power of hybrid warfare lies in their simultaneous, coordinated employment.
Information & Psyops
Disinformation · Propaganda · Election Interference · Narrative Warfare
Cyber Operations
Infrastructure Attacks · Espionage · Data Theft · Network Disruption
Economic Coercion
Energy Leverage · Trade Weaponization · Debt Dependency · Sanctions Evasion
Sabotage & Physical
Undersea Cables · Rail Networks · Arson · Energy Infrastructure
Proxy Forces & Covert Action
Mercenaries · “Little Green Men” · Disposable Agents · Militia Networks · Intelligence Operations
Framework: Adapted from Hoffman (2007), NATO Hybrid COE (2017), and CSIS (2024)
Case Studies: Hybrid Warfare in Practice
Russia in Europe — 2014–Present
Russia’s campaign represents the most comprehensive and sustained hybrid warfare effort in modern history. It began with the annexation of Crimea in 2014, where unmarked special operations forces, local pro-Russian militias, an intense disinformation campaign, and cyber attacks against Ukrainian government communications achieved a strategic objective before the international community could mount a response. The Kremlin maintained deniability throughout — the hallmark of hybrid warfare.
The 2022 full-scale invasion initially appeared to abandon the hybrid model for conventional force, but hybrid tools remained central: pre-invasion disinformation campaigns, energy coercion of European states, cyber attacks on Ukrainian infrastructure, electronic warfare against drones and GPS, and information operations aimed at fracturing Western support. The war demonstrated both the power and the limits of hybrid strategy — hybrid tools alone could not achieve Russia’s maximalist objectives, but they continued to impose costs and complicate the Western response.
Since 2022, Russia’s hybrid campaign against Europe itself has intensified dramatically. Dutch intelligence described it as a mix of cyberattacks, sabotage, disinformation, covert political influence, and espionage designed to stay below the threshold of open war. The Baltic undersea cable campaign, conducted partly through Russia’s shadow fleet of aging tankers, represents the newest frontier. ICCT research documented at least 151 hostile operations across Europe attributed to Russia since February 2022. The trajectory is unmistakable — intelligence services across NATO confirm that Russian hybrid operations are accelerating, not receding.
China: Economic Coercion and Gray Zone Operations
China’s hybrid approach differs from Russia’s in emphasis but follows the same logic. Where Russia leads with information warfare and sabotage, China leads with economic coercion and gray zone military operations. The systematic use of fishing flotillas as paramilitary economic warfare in the South China Sea, trade punishment of countries that cross Beijing’s political red lines (Australia, Lithuania, South Korea), cyber espionage at industrial scale, and the creation of strategic dependencies through Belt and Road infrastructure all represent hybrid warfare by Chinese characteristics. Two PLA colonels, Qiao Liang and Wang Xiangsui, articulated the conceptual foundation in their 1999 book Unrestricted Warfare, which argued that future conflict would transcend military boundaries entirely.
Iran: The Integrated Resistance Axis
Iran’s global irregular warfare apparatus — managed through the Islamic Revolutionary Guard Corps (IRGC) Quds Force — represents a hybrid model built on proxy networks rather than technology. Hezbollah, Hamas, the Houthis, and Shia militias across Iraq and Syria form a “resistance axis” that extends Iranian power across the Middle East without risking direct conventional confrontation with the United States or Israel. Iran combines these proxy forces with cyber operations, targeted assassinations, drone warfare, and information campaigns to maintain strategic influence far beyond what its conventional military capability would permit.
Why Democracies Are Vulnerable
Hybrid warfare is specifically designed to exploit the structural features of open, democratic societies. Free press, independent judiciary, open borders, market economies, civil liberties, and political pluralism — the very features that make democracies resilient in the long term — create attack surfaces that authoritarian states can exploit in the short term.
Three structural vulnerabilities stand out. First, the Article 5 threshold gap: NATO’s collective defense commitment is triggered by “armed attack,” but hybrid operations are specifically designed to stay below that threshold. Sabotage, cyberattacks, and information operations are treated as isolated crimes rather than elements of a coherent campaign, allowing the aggressor to impose cumulative costs without triggering collective military response. Second, democratic decision-making is slow by design — consensus-building across alliance members takes time, and hybrid campaigns exploit that deliberation gap. Third, open information environments that protect free speech also provide the infrastructure for disinformation at scale, and democratic governments cannot easily restrict information flows without undermining the values they are defending.
The result is a strategic paradox: the qualities that make democracies worth defending also make them vulnerable to hybrid attack. Recognizing the indicators of escalation before they compound is essential to closing this gap.
Responding to Hybrid Warfare
Effective responses to hybrid warfare require a whole-of-society approach that mirrors the multi-domain nature of the threat. Military capabilities alone are insufficient. The most developed response frameworks are the total defense concepts adopted by Nordic and Baltic states, which explicitly integrate civilian resilience, cyber defense, information literacy, economic preparedness, and armed resistance into a single national defense posture.
Modern resistance operating concepts — developed by NATO nations in response to Russia’s hybrid campaigns — also incorporate hybrid defense. These concepts recognize that civilian populations are not just targets but active participants in national defense, capable of sustaining non-cooperation with occupying forces, maintaining parallel institutions, and conducting intelligence gathering even when conventional military resistance is impossible. Ukraine’s civilian resistance to Russian occupation since 2022 has demonstrated this principle in practice.
The connection to nonviolent resistance is direct: many of the methods that civilian populations use to resist hybrid coercion — strikes, boycotts, information sharing, parallel governance — draw from the same strategic framework as organized civil resistance. Understanding both armed and unarmed dimensions of defense is essential for any society facing hybrid threats.
OSS: Combined & Remastered — 8 Manuals in One Volume
The original hybrid operators. The OSS combined sabotage, psychological operations, guerrilla support, and intelligence gathering into unified campaigns decades before the term “hybrid warfare” existed. All 8 declassified field manuals — including the Simple Sabotage Field Manual and the Morale Operations guide — remastered in a single volume.
Get the Book →Conclusion
Hybrid warfare is not a future threat. It is the present reality of great power competition. Russia’s campaign across Europe, China’s economic coercion and gray zone operations, and Iran’s proxy networks all demonstrate that the most consequential conflicts of the twenty-first century are being waged below the threshold of conventional war — in the spaces between military and civilian, between peace and conflict, between crime and act of war.
The response cannot be purely military. It requires informed citizens, resilient institutions, and national defense concepts that integrate civilian capabilities alongside armed forces. Every article on this site — from sabotage to subversion, from digital security to nonviolent resistance — addresses a dimension of this challenge. Understanding hybrid warfare is not optional. It is the starting point.
// Further Reading
Seth G. Jones — Three Dangerous Men: Russia, China, Iran and the Rise of Irregular Warfare (2021). CSIS senior vice president profiles the architects of hybrid warfare in Moscow, Beijing, and Tehran. Essential reading on how America’s principal rivals adopted irregular tools to erode U.S. power. Amazon →
Ofer Fridman — Russian “Hybrid Warfare”: Resurgence and Politicization (2018). The definitive academic treatment of how “hybrid warfare” evolved from Hoffman’s original concept to a politicized label applied (and misapplied) to Russian strategy. Traces the concept through both Western and Russian strategic discourse. Amazon →
Qiao Liang & Wang Xiangsui — Unrestricted Warfare (1999). Two PLA colonels argue that future conflict will transcend military boundaries — economic warfare, cyber attacks, terrorism, and lawfare will be the primary battlefields. Prophetic and still relevant. Amazon →
NATO Hybrid COE — Countering Hybrid Threats (ongoing). The European Centre of Excellence for Countering Hybrid Threats publishes open-access research, case studies, and policy analysis. Free access →
