Berlin, April 1, 2026 – A cyberattack targeting the Neukölln district heating plant in Berlin has been revealed, with a hacker group demanding a ransom for the release of stolen data. The incident, which took place on March 20, 2026, saw the attackers issue an ultimatum until March 29, which the operator reportedly allowed to expire. The group had threatened to publish the stolen data on the Darknet if their demands were not met.
Attack on Administrative Systems, Heating Supply Unaffected
According to reports, the attack primarily targeted the administrative level of the heating plant, causing disruptions to accounting and internal communication. A phishing attack is considered the most probable cause, suggesting an employee may have opened an infected email attachment. Despite the breach, the Berlin police have confirmed that the technical systems and heating output of the plant remain unaffected, ensuring continued supply to the approximately 60,000 homes, businesses, and operations in Neukölln and Kreuzberg that rely on its services.
“DragonForce” Group Suspected Behind Ransomware Attack
The hacker group allegedly responsible for the attack is identified as “DragonForce,” a ransomware group known for encrypting victims’ data and demanding payment for its decryption. There are also reports linking “DragonForce” to politically motivated attacks, with some characterizing them as “pro-Palestinian.” The police have not provided further details, citing ongoing investigations.
Neukölln Heating Plant: A Vital Supplier for Berlin’s South
The Neukölln district heating plant is a crucial energy provider in southern Berlin, boasting a network of pipelines stretching 124 kilometers, with an additional two to four kilometers added annually. Its uninterrupted operation is vital for a significant portion of the city’s residents. The operator’s decision to let the ransom ultimatum pass suggests a refusal to negotiate with the attackers, although the long-term implications of the data breach for the plant’s administrative functions are yet to be fully assessed.
Broader Implications of Cyberattacks on Critical Infrastructure
This incident highlights the growing threat of cyberattacks on critical infrastructure, underscoring the need for robust cybersecurity measures and rapid response protocols to protect essential services from malicious actors. The ongoing investigation by the Berlin police will aim to uncover the full extent of the breach and identify the individuals responsible for the attack.
The city of Berlin, like many urban centers, is increasingly reliant on digital systems for the management of its essential services. This makes such infrastructure an attractive target for various hacker groups, from those seeking financial gain through ransomware to those with political motivations. The incident at the Neukölln district heating plant serves as a stark reminder of the constant vigilance required to safeguard these vital systems.
Further updates on the investigation are expected as the police continue their work, but for now, residents can be assured that their heating supply remains secure despite the administrative disruption.
Source: https://www.morgenpost.de/berlin/article411604318/hacker-attacke-auf-berliner-fernheizwerk-in-neukoelln-loesegeldforderung.html
