620 Attacks in One Day: Hungary Faces Relentless Digital Siege

The severity breakdown reads like a war report. Two hundred ninety-four critical threats. Two hundred sixteen high. Add them up and you're looking at over 80% of all detected incidents demanding immediate attention. Zero low-severity alerts. This wasn't background noise or random script kiddies probing for easy targets. The attackers knew what they were looking for, and they brought serious firepower.

Vulnerability exploitation accounted for 570 of the threats, with malicious activity making up the remaining 50. To put it bluntly: someone is systematically scanning Hungarian infrastructure for weaknesses, and when they find them, they're not hesitating to exploit them.

The port data tells us exactly what the attackers are hunting. Port 23 — the legacy telnet service that should have been killed off a decade ago — saw 120 connection attempts. Same for port 2375, Docker's unencrypted API. Redis databases on port 6379 took 116 hits. Remote Desktop Protocol on 3389 absorbed 110 attempts.

These aren't random targets. Each represents a potential foothold into enterprise networks. Docker and Redis are particularly worrying — misconfigured instances can give attackers complete control over containerized applications and data stores. Combined with the 59 hits on SMB port 445 and 37 on Elasticsearch port 9200, we're looking at a systematic campaign against enterprise infrastructure.

The geographic breakdown reveals an uncomfortable reality. Fourteen percent of identified attacks originated from Eastern sources — Romania and China specifically. Three attacks traced to Chinese infrastructure. That might not sound like much, but Chinese cyber operations rarely work through direct attribution. The People's Liberation Army's cyber units and Ministry of State Security-affiliated contractors maintain extensive proxy networks precisely to obscure their activities.

Romania's four attacks, while numerically small, warrant attention. As a NATO ally, Romanian-sourced attacks are more likely criminal than state-sponsored, but in the current geopolitical climate — with Hungary caught between East and West, and with regional tensions elevated — no source can be dismissed. Eastern European cybercriminal syndicates have demonstrated increasing sophistication, often selling access to state actors.

Perhaps most concerning: fourteen security events struck government networks. Two rated critical. With parliamentary elections looming in 2026, attacks on government infrastructure carry weight beyond mere technical concern. These are attacks on Hungarian sovereignty.

Hungary occupies an uncomfortable position in the current geopolitical landscape. Opposition to military escalation in Ukraine has drawn sharp criticism from Western allies and openly hostile rhetoric from Kyiv. That political friction translates directly into cyberspace. Foreign actors — both state and non-state — have clear motivation to disrupt Hungarian systems, gather intelligence, or undermine public trust ahead of the elections. Two critical events on government networks in a single day isn't background radiation. It's a signal.

DIGI and Magyar Telekom absorbed the heaviest traffic — 134 and 120 incidents respectively. Invitech added another 55, with Vodafone Hungary seeing 30. These numbers reflect the reality that residential and business broadband networks have become the frontlines of modern cyber conflict. The attackers aren't just targeting government systems. They're casting wide nets across Hungary's entire digital infrastructure, probing for any weakness they can exploit.