Cyber Operations and Hybrid Conflict In Ukraine: Evidence From The Global Terrorism Database And State Linked Cyber Campaigns

Abstract This article examines the intersection of kinetic violence and state-linked cyber operations in the context of Russia’s war against Ukraine. Using data from the Global Terrorism Database (GTD), the study analyzes patterns of violent incidents in Ukraine from 2014 onward and situates these trends alongside documented cyber campaigns attributed to Russian state-aligned actors. Rather than treating all non-conventional actions as terrorism, the analysis differentiates between terrorist-classified incidents captured in GTD and cyber operations targeting critical infrastructure, communications, and government systems. Case studies including the 2015 power grid disruption, the NotPetya malware outbreak, and subsequent wiper attacks illustrate how cyber capabilities have been deployed in coordination with or parallel to kinetic operations. The findings demonstrate that cyber operations function as a strategic enabler within hybrid conflict rather than as a standalone category of terrorism. The article concludes by assessing the broader implications for international security, highlighting how cyber spillover effects, supply-chain vulnerabilities, and transnational infrastructure dependencies extend the consequences of the Ukraine conflict beyond the immediate theater of war.