On the implausibility of anarchist operational security and the convenience of unsolved attacks with GRU footprints all over the “snow“.

---

In January 2026, a group calling itself the radical-right-sounding Vulkangruppe claimed responsibility for an arson attack that left 45,000 Berlin households without power during a winter freeze. A huge city without power and heat in freezing temperatures for four days, mobile networks unreliable, and it’s been classified as LOW. German authorities immediately, as if to bypass investigation, blamed an invisible “left-wing extremist” and anarchist movement. The Verfassungsschutz (Federal Office for Constitution Protection) dutifully updated its assessment. Politicians condemned eco-terrorism. The investigation begins now, after the political accusations.

This is the fifteenth year of such suspiciously directed investigations. None have produced a single conviction.

At some point in German history, the question for Berlin shifts from “who is this mystery Vulkangruppe?” to “why has no one been caught?” The answer reveals less about German use of anarchism for political purposes than about the architecture of plausible deniability in hybrid warfare. Or dare I say it’s about whether German intelligence is playing dumb, penetrated, or both.

…Nazi scene has crossovers with state officials. A Berlin police superintendent was accused of supplying classified police computer files to members of the far-right via a chat group. When this was discovered, the officer was simply relocated to another force.

The Timeline Problem

Vulkangruppe was launched in 2011. The Verfassungsschutz dates its founding to that year. The first attacks targeted railway infrastructure in Berlin, claimed by groups using volcano names of Iceland as their signature; a branding tactic that has remained remarkably consistent for fifteen years.

2011 definitely was not a random year in Russian politics, Russian infrastructure attacks, or Russian relations with radical-right groups in Germany. Vladimir Putin was preparing his return to the presidency after the Medvedev interregnum, consolidating what would become an increasingly aggressive posture toward the West. The following years saw Crimea’s annexation (2014), the systematisation of hybrid warfare doctrine, and the dramatic expansion of GRU operations across Europe. Putin, who served in the USSR to resurrect fascist groups in West Germany, was back in the saddle. Putin’s KGB Dresden tenure literally had been running Nazi assets undercover as chaos agent multipliers (e.g. building centrally planned and coordinated “anarchy” cells).

Vulkangruppe’s operational tempo tracks these developments with uncomfortable precision:

• 2011-2013: Initial attacks on rail and communications infrastructure during Putin’s return to power
• 2014-2017: Relative quiet during the consolidation of Crimea operations
• 2018: Resumption with power grid attacks as GRU operations intensify across Europe
• 2020-present: Escalating frequency and impact, paralleling documented GRU sabotage campaigns

Correlation is not causation. But when a group’s operational rhythm mirrors geopolitical strategy rather than ideological momentum, the analytical frame deserves proper caution and reconsideration.

Want more evidence? NTC Vulkan (НТЦ Вулкан) is a Russian company founded by Anton Markov and Alexander Irzhavsky in 2010. Both are graduates of St Petersburg military academy and served in the Russian army, with Markov reaching captain and Irzhavsky reaching major. Vulkan received special licences to work on classified military and state projects from 2011. Putin’s GRU gets a contractor called “Vulkan” cleared for classified work in 2011, and a self-described Vulkangruppe starts burning German infrastructure that same year. The contractor develops tools for infrastructure attacks and information operations, which is exactly what has been executed in Germany under “Vulkan” branding. The sheer coincidence of naming over time is a wonder to behold.

Year	NTC Vulkan (Moscow)	Vulkangruppe (Berlin)
2010	Founded by St. Petersburg military academy graduates	—
2011	Receives classified military/state project licenses	First attack: Ostkreuz cable bridge (May), rail disrupted
2013	Building Sandworm tooling	Adlershof radio mast attack
2014–2017	Crimea annexation, Ukraine focus	4-year operational hiatus
2018	Employees visit FSB-linked Radio Research Institute	Resumes: Charlottenburg power lines (6,500 homes)
2020	Documented GRU Unit 74455 contracts (Sandworm)	Heinrich Hertz Institute (digital infrastructure)
2021	Continued Sandworm development	Tesla idle factory shutdown, asks for government aid
2023	Vulkan Files leak to Western press	—
2024	Attribution public record	Tesla idle factory high-voltage mast, again asks for government aid
Sept 2025	—	Johannisthal: 50,000 households, 60 hours (longest since WWII)
Jan 2026	—	Lichterfelde: 45,000 households, nearly a week outage during expected winter cold streak

Not to state the obvious here but if a genuine anarchist momentum was suspected, it would need to explain an operational gap that perfectly brackets Vulkan’s focus on Ukraine.

The Operational Signature

The Center for Strategic and International Studies documented that Russian attacks in Europe nearly tripled between 2023 and 2024, after quadrupling between 2022 and 2023. The operational signature is now well-established: low-tech methods, high-impact targets, plausible deniability, locally recruited perpetrators, communications severed before primary attacks.

Vulkangruppe attacks display identical characteristics:

• Incendiary devices at cable infrastructure (low-tech, reproducible)
• Targeting of power substations and communications nodes (high-impact chokepoints)
• Ideological framing that provides alternative attribution (climate activism, anti-capitalism)
• Sophisticated operational security despite supposedly decentralised structure
• Zero successful prosecutions despite fifteen years of activity

The last point warrants emphasis. German intelligence acknowledges a 2015 “strategy paper” suggesting “a fixed structure.” Linguistic analysis of claim letters indicates a “partly identical circle of authors.” Yet the Verfassungsschutz officially reports: “Personenpotenzial in Berlin: nicht bekannt”—membership potential unknown.

This is NOT a description of anarchist cells. The opposite. Anarchist movements are notoriously penetrable; informants, defectors, and operational mistakes are endemic to decentralised structures. What German authorities describe is the operational security profile of a state intelligence service: compartmentalised, professionally managed, and protected.

The Acquittal Pattern

In 2024, German authorities arrested two suspects in connection with Vulkangruppe activities. The courts (Amtsgericht Tiergarten) found the evidence insufficient and acquitted both on 15 July 2024. The prosecution did not appeal.

This particular pattern of arrest, insufficient evidence, acquittal, no appeal is a well-known characteristic of cases where intelligence equities have complicated prosecution. Either the evidence cannot be presented without compromising sources, or the sources themselves are the complication.

German commentators have begun asking the obvious question: are Vulkangruppe operatives so far inside they also are Verfassungsschutz contacts? The precedent exists. Germany’s domestic intelligence services have a documented history of maintaining informants within extremist organisations who proved difficult to prosecute—the NSU case being the most notorious example.

But there is another possibility, less discussed: that the penetration runs in the opposite direction.

The AfD Intelligence Pipeline

In November 2025, German lawmakers described the Alternative für Deutschland (AfD) party of operating as a “sleeper cell loyal to Russia.” The accusation centred on the peculiar rush and direction of parliamentary inquiries. A flood of 47 requests within a single year were seeking very detailed information about:

• Police drone detection and defence capabilities
• Military logistics and procurement schedules
• Cybersecurity gaps at federal ministries
• Civil protection resources and healthcare facilities
• Data centre locations and emergency power supplies

Thuringia’s Interior Minister Georg Maier stated that the AfD appeared to be “working through a checklist from the Kremlin.”

The geographic overlap is precise. AfD’s strongholds of Thuringia, Brandenburg, Saxony are the exact same eastern German states where Vulkangruppe concentrates its operations. The Thuringia AfD branch, led by Björn Höcke (whom a German court ruled legally and officially you should call a fascist), has been under surveillance as a “proven right-wing extremist” organisation since 2021.

The information flowing through AfD parliamentary inquiries—infrastructure vulnerabilities, emergency response capabilities, power grid architecture—is precisely the reconnaissance data required for effective infrastructure sabotage.

The Designated and the Undesignated

The European Union, United Kingdom, Canada, Australia, and New Zealand have all designated The Base (Nazi organisation operated from St. Petersburg by alleged Russian intelligence asset Rinaldo Nazzaro) as a terrorist organisation.

The United States has not.

In December 2025, Nazzaro released audio calling for “acceleration teams” to conduct “targeted attacks on essential infrastructure” in America and Ukraine. Less than three weeks later, a fire at a San Francisco PG&E substation knocked out power to 130,000 customers. The cause remains under investigation by Exponent, the notorious firm whose business model is manufacturing reasonable doubt for corporate clients.

Germany faces an analogous situation. Presumably a Nazi terrorist group like The Base doesn’t need to focus there since Vulkangruppe operates with impunity while authorities insist it represents “left-wing extremism.” Documented Russian intelligence operations, including AfD’s systematic collection of infrastructure data, proceed through legitimate parliamentary channels.

The analytical question is not whether Vulkangruppe members personally hold some political beliefs of anarchy. Some may even wear an anarchist patch. The question is whether those beliefs, and the ideological framing of attack claims, are simply cover for operations serving ideologically different strategic purposes.

The Preparedness Day Parallel

On 22 July 1916, a bomb exploded during San Francisco’s Preparedness Day parade, killing ten people. The attack was never solved. But it was used very specifically to prosecute innocent left-wing organisers Tom Mooney and Warren Billings on fabricated evidence. This served President Wilson’s domestic political agenda, aligned with Germany, while actual German sabotage networks operated freely across American infrastructure.

The institutional utility of the attacks plaguing America remaining unsolved was they could be attributed to whoever served the administration’s purposes. The actual perpetrators, very likely connected to German military intelligence operations then active across American industrial targets, remained ghosts.

Wilson knew German agents were bombing American infrastructure. He was briefed by U.S. intelligence the country was under attack. His “neutrality” rhetoric provided cover for foreign sabotage and bombings described at the time as a “Holocaust” of fire in American industrial areas.

Contemporary Germany faces a structural parallel. The unsolved “left-wing extremist” attribution over more than a decade serves multiple functions:

• It directs investigative resources away from Russian intelligence networks
• It provides political ammunition against climate activism and anti-capitalist movements
• It maintains the fiction that infrastructure attacks are domestic rather than foreign
• It avoids the policy implications of acknowledging GRU operations on German soil

The attacks continue. The investigations produce nothing. And German citizens lose power in winter while their government debates the extremism of environmentalists.

What Would Evidence Look Like?

Critics will note that this analysis is circumstantial. No intercepted communications, no defector testimony, no documentary proof links Vulkangruppe to Russian intelligence.

This is true. It is also the point.

The absence of evidence after fifteen years of investigation is itself evidence of either spectacular incompetence or structural barriers to discovery. German intelligence services that successfully penetrate genuine anarchist networks, that maintain informants across the extremist spectrum, that coordinate with European partners on Russian hybrid threats, have somehow failed to identify a single member of an organisation conducting repeated attacks on critical infrastructure.

The growing question goes far beyond what would prove Russian involvement. It now is what would disprove the link, and whether German authorities are structured to even ask.

When the AfD gathers infrastructure intelligence through parliamentary inquiries, this is documented and denounced but not prosecuted. When Vulkangruppe attacks infrastructure with professional precision, this is investigated and unsolved. When European partners attribute identical attack signatures to GRU coordination, Germany maintains the anarchist frame.

The pattern suggests not investigative failure but investigative success to protect a conclusion that serves institutional interests.

Putin’s Abusive Attribution

Russia’s hybrid warfare doctrine treats attribution as a weapon. Operations are designed to permit multiple interpretations, allowing target governments to choose comfortable explanations over destabilising truths. A government that acknowledges GRU attacks on its infrastructure must respond. A government that attributes those attacks to domestic extremists can defer, study, and ultimately accommodate.

Vulkangruppe may include recruits from anarchist meetups led to believe they are in a cause. This does not preclude, and may even facilitate, their quick utility to Russian strategic interests. The GRU’s documented recruitment model emphasises “locally recruited perpetrators” who are “often unaware of the strategic intent.” Putin was notorious in the KGB days for politically weaponizing German athletic clubs.

The August 2025 Vulkangruppe pamphlet announced intentions to target “Russian and Ukrainian oligarchs”, which is precisely the kind of misdirection a sophisticated operation would include. The January 2026 attack targeted affluent neighbourhoods to “cut the juice to the ruling class”, using comic-book villain rhetoric that reads as ideological but functions as operational cover.

Fifteen years without an arrest. A strategy paper without identified authors. Parliamentary inquiries mapping infrastructure vulnerabilities. European partners warning of GRU sabotage at “record high” levels. And German authorities rapidly propping up signs that the only pattern to see here is anarchist eco-terrorism.

For historians of WWI Germany, the parallel requires no elaboration. For contemporary analysts, it demands one question: if this is not Russian hybrid warfare, what would Russian hybrid warfare look like? The answer, presumably, would look exactly like this.

The investigations continue, the exact wrong way. Perhaps because a conclusion was written before the evidence was examined.

---

NOTE: German intelligence services deny investigative failure and maintain that Vulkangruppe represents domestic left-wing extremism. The AfD denies being Nazis and acting on behalf of Russian interests, and characterises all surveillance other than their own as politically motivated. Russian authorities deny everything including conducting sabotage operations anywhere, ever.

US Secretary of State Rubio has defended AfD against extremist designation. FBI Director Patel has deprioritized far-right investigations. The Base remains undesignated in the country it explicitly targets. This transatlantic coordination of non-investigation of GRU footprints in today’s “snow globe” is, presumably, coincidental.