Environmental Activism or Terrorism? Vulkangruppe Attacks Berlin Energy Infrastructure

By Anna Toso | 19 February 2026

Summary

• On 3 January 2026, the far-left group Vulkangruppe carried out an arson attack against Berlin’s power network, leaving numerous households and businesses without electricity for 5 consecutive days.

• This sabotage is one of several attacks that have affected Germany’s critical infrastructure in recent years, underscoring its exposure to physical and cyber threats, both domestic and foreign. 

• Although German authorities are strengthening their crackdown against Vulkangruppe’s members, these efforts are unlikely to eradicate ideologically driven sabotage operations, which have deeper environmental and socioeconomic structural motivations.

Context

On 3 January 2026, an arson attack hit Berlin’s power network and caused a 5-day-long blackout in the German capital. The burnt cables are located near the gas-powered energy generation plant of Lichterfelde, in a south-western neighbourhood of Berlin. The ensuing power outage affected an estimated 100,000 residents and 2,000 businesses, with repercussions also on hospitals, schools, and care homes. The far-left activist group Vulkangruppe claimed responsibility for the act through an online statement. They reported specific details about the damaged infrastructure and the attack’s technique. Their aims included targeting the fossil-fuel industry – a relevant share of Germany’s energy supply still originates from oil (34%) and from natural gas (27%) – the related capitalist socioeconomic structure, and environmental disruption.

Vulkangruppe: 15 years of unfruitful investigations

German authorities suspect Vulkangruppe of conducting sporadic attacks in the area of Berlin and Brandenburg since 2011. The organisational structure, size, and membership demographics of the group are unknown. Throughout the years, their sabotage actions consistently show similar rhetoric, and their methods imply high-level expertise. Most recently, the activists took ownership of an attack in 2024 at a large Tesla factory outside Berlin, causing damage worth almost USD 1b. At the time, several environmental advocates opposed the plant’s planned expansion and its significant consumption of resources, such as water, former forest land, and labour. Vulkangruppe was also behind another incident affecting high-voltage cables in Berlin’s Adlershof technology park in September 2025. Significantly, Berlin’s intelligence agency has registered an increase in extremist activities threatening the capital’s security since 2023, with links to right- as well as left-wing, Islamist, and foreign actors.

After the last arson attack, prosecutors announced potential charges of terrorist acts. Moreover, the German interior minister announced a EUR 1m (USD 1.2m) reward for informants useful in identifying and arresting Vulkangruppe members. The bounty suggests the local authorities’ intention to crack down on the “eco-anarchist group.” Far-left affiliates are less likely to cooperate with the police in exchange for monetary compensation compared to other radical collectives. That’s because of the strong ideological distrust of authorities, disapproval of capitalism, and often non-hierarchical organisational structures, which privilege independent attacks and limit the information known by each member.

Implications

Since 2022, hybrid threats to critical infrastructure in Germany have increased, underscoring the country's vulnerability to both domestic and foreign actors. Beyond national security, the implications extend to EU-wide energy resilience given the cross-border interconnectedness. The EU’s Critical Entities Resilience (CER) Directive establishes common standards for identifying, monitoring, and protecting critical infrastructure operated by public or private entities across 11 sectors, including the energy system. However, as the German context demonstrates, adoption is highly uneven across and even within the Member States.

On 29 January 2026, the Bundestag approved legislation – the KRITIS Umbrella Act – to safeguard critical national infrastructures, thanks to a compromise among the governing coalition. It implements the EU’s CER Directive over 2 years after the stipulated deadline and is reviewed every 2 years. This legislation establishes minimum protection standards for cross-sector critical facilities, including energy, transportation, and telecommunications. For example, operators supplying energy or water to 500,000 or more residents must undergo a risk analysis every 4 years and register with the Federal Office for Civil Protection (Bundesamt für Bevölkerungsschutz und Katastrophenhilfe).

However, the package also creates legal uncertainty. Local administrations are responsible for identifying critical infrastructure. Therefore, unevenness could arise across state jurisdictions regarding which companies will face tighter reporting obligations and security measures. Stakeholders in the energy and business sectors criticise the new policy due to its inefficient and overly bureaucratic procedures. Additionally, operators of critical infrastructure object to excessive transparency regarding the location and structure of strategic assets, which will increase security risks by making them more likely to be targeted. Despite these concerns, transparency and information sharing about the location and composition of security-relevant infrastructure are essential for system resilience and emergency response operations, including during natural disasters and physical or cyberattacks.

Beyond domestic weaknesses, officials have long suspected Russian sabotage, espionage, and disinformation operations in German territory, targeting both military and civilian critical energy and transport infrastructures. Additionally, drones of alleged Russian origin repeatedly invaded Germany’s airspace in the past months, raising concerns of significant gaps in its national security policy.

Forecast

• Short-term (Now - 3 months)

  • There is a realistic possibility that the increased investigative efforts of Berlin’s authorities will gather more information about the composition of Vulkangruppe.

  • Even if some Vulkangruppe members are identified and arrested, the strongly ideologically motivated group is highly unlikely to stop its sabotage operations. 

  • Rather, internal organisational overhauls, territorial shifts, or methodological innovations are likely outcomes of the governmental crackdown.

• Medium-term (3 - 12 months)

  • Beyond the implemented federal minimum standards, advisors and stakeholders in the energy and security sectors will likely pressure the Bundestag to discuss further legislation that enables cross-sector cooperation, threat assessment, and private-public information sharing to improve national security and crisis management.

• Long-term (>1 year)

  • Unless the approval of legislative reforms in the Bundestag becomes more efficient and rapid, Germany is unlikely to achieve a resilient energy system that fulfils the target of 100% renewable electricity supply by 2035.

  • Moreover, achieving the green energy transition goals will likely be a crucial prerequisite for Germany’s long-term energy security, environmental sustainability, and economic competitiveness.