Let's be clear about what a 13.9% decrease actually means in practice. The previous week saw 330 incidents; this week brought 284. That's still an average of 41 attacks per day, day after day, without pause. The daily breakdown reads like a metronome: 41 on Sunday, 42 on Monday, 41 on Tuesday, 40 on Wednesday, 39 on Thursday, 41 on Friday, 40 on Saturday. The consistency itself is telling. This isn't opportunistic hacking or random script kiddies testing defences. This is sustained pressure, a systematic probing of Hungarian digital infrastructure by actors who know exactly what they're doing.
[Chart: Daily distribution]
The Numbers Behind the Noise
Critical Mass
The severity distribution should set off alarm bells in every security operations centre across the country. Of 284 recorded threats, 275 were classified as critical. That's 96.8%. Not high, not medium — critical. Zero medium-severity incidents were recorded. A single low-severity event appeared in the logs. Everything else was designed to breach, to compromise, to cause maximum damage. These aren't warning shots. They're live rounds.
Eastern Pressure Points
The Eastern region accounted for 80 attacks, representing 28.1% of total hostile activity. Romania led this contingent with 38 incidents, followed by China with 18 and Russia with 14. Bulgaria contributed another 10. These aren't random distribution points. Romania shares a border with Hungary and has been a recurring source of hostile traffic. China and Russia, meanwhile, bring state-level sophistication to the table. When Russian or Chinese IP addresses appear in attack logs, we're rarely talking about independent actors. These are often coordinated operations, intelligence-gathering missions, or infrastructure-mapping exercises disguised as criminal activity. The 14 Russian-origin attacks this week should be read through that lens.
American Anomaly
The United States topped the attacker list with 62 incidents, representing 21.8% of total traffic. On its face, that seems counterintuitive. But American IP addresses have long been favoured by sophisticated actors for proxy routing and anonymisation. Cloud infrastructure, compromised servers, bulletproof hosting — the digital fingerprints may read American, but the hands on the keyboard could be anywhere. The Netherlands, appearing in fourth place with 19 attacks, plays a similar role in the global cybercrime ecosystem.
Hungary's ISPs Under Fire
Magyar Telekom absorbed 100 attacks this week — more than a third of all recorded threats. Vodafone Hungary faced 70, DIGI handled 66, Invitech weathered 34, and Yettel saw 14. These aren't abstract statistics. Each represents infrastructure that Hungarian citizens and businesses depend on daily. When telecommunications providers become battlegrounds, the collateral damage extends far beyond network operations centres. It affects everyone who picks up a phone, sends an email, or processes a transaction.
The Geopolitical Backdrop
Hungary sits in the collision zone between Eastern and Western cyberspace. With parliamentary elections scheduled for 2026, the country has become a target for influence operations and infrastructure disruption. Ukrainian state and non-state actors have demonstrated both capability and motivation to interfere in Hungarian domestic politics, particularly given Budapest's opposition to war escalation policies. While Ukraine did not appear among this week's top attack sources, the broader pattern of hostility from Kyiv-aligned actors remains a persistent threat. Romania's position as the second-largest attack source is particularly notable given regional tensions and cross-border infrastructure connections.
What the Calm Conceals
Government networks recorded zero incidents this week. That could indicate successful defensive measures. It could also indicate that attackers are lying low, probing softer targets before escalating. Two active threat sources were identified — a small number, but these represent confirmed, ongoing hostile infrastructure. The absence of service-specific data makes it difficult to determine whether database services, web applications, or other critical systems bore the brunt of attacks. But the ISP distribution suggests broad targeting across consumer and enterprise infrastructure alike.
A 13.9% decrease is not a trend. It's a pause between waves. The consistency of daily attacks, the overwhelming critical severity ratings, and the concentration on telecommunications infrastructure all point to actors playing a long game. With elections approaching and regional tensions showing no signs of abating, next week will almost certainly bring renewed pressure. The question isn't whether the attacks will intensify. It's whether Hungarian defences can hold.
Attack sources by country
#1 United States: 21.8% (62 incidents)
#2 Romania: 13.4% (38 incidents)
#3 Netherlands: 6.7% (19 incidents)
#4 China: 6.3% (18 incidents)
#5 India: 5.3% (15 incidents)
#6 Russia: 4.9% (14 incidents)
#7 Germany: 4.9% (14 incidents)
#8 Bulgaria: 3.5% (10 incidents)
#9 Singapore: 2.8% (8 incidents)
#10 South Korea: 2.8% (8 incidents)
[Chart: Severity distribution]
[Chart: Affected Hungarian ISPs]
Methodology and data sources
The REVZERO SENTINEL editorial team collects data from multiple independent, publicly available threat intelligence sources. 2 active sources continuously monitor cyber threats targeting Hungary. Only aggregated, anonymized data appears in reports — no information suitable for identifying individual targets is published.
REVZERO SENTINEL serves the protection of Hungary's cyberspace. It operates independently and has no affiliation with any government agency.