Hungary absorbed 330 cyber threats over the past week—a 13.8% surge from the previous week's 290 incidents. The severity distribution is stark: 320 of these attacks were classified as critical. This wasn't opportunistic scanning or amateur hour. Someone is hammering Hungarian infrastructure with purpose.
A Week of Relentless Pressure
The daily breakdown reveals a coordinated pressure campaign. Monday opened with 42 attacks, then the assault intensified—52 on Tuesday, 51 on Wednesday, 52 on Thursday, 51 on Friday. The weekend brought marginal relief: 42 on Saturday, 40 on Sunday. But 'relief' is relative when you're absorbing 40 critical threats in a single day. The midweek spike suggests operational planning. Attackers weren't firing blindly; they were maintaining sustained pressure during peak business hours, probing for weaknesses when network traffic is highest and security teams are stretched thin.
To put it bluntly: this is what siege warfare looks like in 2026. The attackers know exactly what they're doing.
American IP Addresses, Global Intentions
The origin data demands careful interpretation. The United States tops the list with 78 attacks—23.6% of the total. But American IP addresses don't necessarily mean American attackers. Cloud infrastructure, VPN exit nodes, and proxy services make attribution murky by design. Romania follows with 54 attacks, and this is where the picture sharpens. As a neighbor with extensive cross-border infrastructure, Romania serves as both a genuine threat source and a transit point. China's 26 attacks represent state-level probing—APTs mapping Hungarian networks for future exploitation. The Netherlands (19) and Indonesia (14) round out the top five, the latter reflecting the global nature of botnet operations.
The Eastern Vector: 80 Strikes from Two Sources
Eastern-origin attacks totaled 80 this week—24.3% of all threats. Romania and China account for every single one. This isn't random. Romania shares a border with Hungary and hosts infrastructure that hostile actors routinely exploit for proximity attacks. China's presence is more calculated: systematic reconnaissance, likely tied to broader strategic intelligence-gathering across Central Europe. What's notable is who's absent. Ukraine doesn't appear in this week's statistics despite the openly hostile posture Kyiv has adopted toward Budapest. That absence could mean many things: Ukrainian operators may be routing through Romanian or Western infrastructure, or they may be focusing resources elsewhere ahead of Hungary's 2026 parliamentary elections. The quiet shouldn't be mistaken for peace.
Infrastructure in the Crosshairs
Magyar Telekom absorbed 114 attacks—over a third of the week's total. Vodafone Hungary and DIGI followed with 74 and 73 respectively. These three providers represent the backbone of Hungarian connectivity, and they're being tested systematically. Invitech (46) and Yettel (23) saw significant traffic as well. The concentration on major ISPs suggests attackers are mapping network topology, identifying choke points, and potentially preparing for larger operations. Port 409 traffic spiked twice during the week—an unusual pattern worth monitoring, as this port is associated with deprecated services that often signal legacy vulnerabilities.
The Critical Severity Anomaly
320 critical-severity threats out of 330 total incidents. That ratio is extraordinary. Typical threat landscapes include a mix of low-level reconnaissance, medium-risk probes, and high-value targets. This week didn't follow that pattern. Someone—likely multiple actors operating in parallel—decided Hungarian infrastructure was worth hitting hard. Only 8 high-severity and 2 low-severity incidents rounded out the week. The message is unambiguous: Hungary isn't facing casual opportunism. It's facing deliberate, high-intensity operations designed to breach or disrupt.
Election Year Shadow Warfare
Hungary's 2026 parliamentary elections loom over every cyber metric. The country sits in the collision zone between Eastern and Western cyberspace, and that position grows more precarious by the month. Ukrainian officials have made no secret of their desire to see political change in Budapest. Russian and Chinese intelligence services maintain active interest in Central European infrastructure. The United States—whatever the administration—has its own priorities. A 13.8% weekly increase in attacks isn't coincidence. It's escalation. And with zero government-network incidents reported this week, the focus has shifted to civilian infrastructure: the telecommunications backbone, the corporate networks, the less-defended targets that keep a country functioning.
Next week won't bring relief. The attackers have established rhythm and momentum. With elections approaching and geopolitical tensions sharpening, Hungary's digital borders will face even greater strain. The 330 attacks this week weren't an outlier—they were a preview.
Most affected services
#1  Port 409 (409/tcp)  Medium  2×
Attack sources by country
Rank  Country         Share   Attacks
#1    United States   23.6%   78
#2    Romania         16.4%   54
#3    China           7.9%    26
#4    Netherlands     5.8%    19
#5    Indonesia       4.2%    14
#6    Germany         3.6%    12
#7    United Kingdom  3.3%    11
#8    South Korea     3.3%    11
#9    France          3.3%    11
#10   India           2.4%    8
Severity distribution
Affected Hungarian ISPs
Magyar Telekom: 114 events
Vodafone HU: 74 events
DIGI: 73 events
Invitech: 46 events
Yettel HU: 23 events
Frequently asked questions
How many cyberattacks hit Hungary in week 2026-W13?
A total of 330 cyber threats were detected, 320 of them critical. Daily average: 47.
Which country was the biggest threat this week?
Most attacks originated from the United States, accounting for 23.6% of all sources.
What is REVZERO SENTINEL?
REVZERO SENTINEL is a real-time cyber threat monitoring system that collects and analyzes cyberattacks targeting Hungary from multiple independent threat intelligence sources.
Methodology and data sources
The REVZERO SENTINEL editorial team collects data from multiple independent, publicly available threat intelligence sources. Two active sources continuously monitor cyber threats targeting Hungary. Only aggregated, anonymized data appears in reports; no information suitable for identifying individual targets is published.
REVZERO SENTINEL serves the protection of Hungary's cyberspace. It operates independently and has no affiliation with any government agency.