Hungary Under Siege: 297 Attacks in Seven Days, 97% Critical Severity

The numbers barely moved from the previous week. A single percent drop, from 300 to 297 incidents, is statistical noise — not improvement. Hungary's cybersecurity apparatus is essentially treading water while the attacks keep coming. Wednesday, April 23rd, saw the week's peak: 51 incidents in a single day, 50 of them critical. That's a assault every 28 minutes around the clock. The weekend proved marginally quieter, with Saturday and Sunday both dipping below 45 incidents, but there's no comfort in that. The attackers never stopped. They just slightly reloaded.

Here's what should keep security teams awake at night: 288 of 297 threats were classified as critical severity. Four more registered as high. Zero medium. Five low. This isn't opportunistic script kiddie activity or automated scanning gone wild. Critical severity means the attacks carried genuine destructive potential — the kind that compromises systems, exfiltrates data, or enables persistent access. A 97% critical rate suggests adversaries aren't exploring. They're executing.

The United States topped the source list at 20.5%, accounting for 61 attacks. But raw numbers can mislead. American IP addresses are frequently proxy endpoints, VPN exits, or cloud infrastructure leveraged by actors elsewhere. Romania followed at 18.5% with 55 attacks — a substantial figure for a neighboring country, though Romanian hosting providers have long been favored by cybercriminals for their lax enforcement reputation. The Netherlands contributed 26 attacks, India 17, and both China and Germany registered 16 apiece.

The Eastern region — encompassing Romania, China, Russia, and Bulgaria — generated 84 attacks, or 28.3% of the total. Romania's 55 incidents lead this group, but the more concerning signals come from further east. China's 16 attacks and Russia's 7 represent state-capable adversaries with sophisticated tooling and strategic patience. These aren't random criminal enterprises. When Russian or Chinese infrastructure appears in attack telemetry, the assumption must be coordinated operation until proven otherwise. Hungary's position between East and West makes it a natural friction point in the global cyber contest, and this week's numbers reflect that uncomfortable geography.

Magyar Telekom absorbed 113 attacks — more than a third of the week's total. Vodafone Hungary saw 61, DIGI 58, Invitech 40, and Yettel 25. The concentration on major telecommunications providers suggests adversaries are targeting the backbone of Hungary's digital connectivity. Compromise a major ISP and you gain access to everything downstream: businesses, government agencies, residential connections. The attackers understand this. They're not aiming at individual targets. They're aiming at the infrastructure that connects everyone.

Parliamentary elections are scheduled for 2026, and Hungary finds itself in an increasingly hostile information environment. Ukrainian officials have made no secret of their frustration with Budapest's positions on the war, and that political tension manifests in cyberspace. While Ukraine didn't appear prominently in this week's source data, the broader pattern of hostile rhetoric and hybrid warfare tactics creates fertile ground for election-related interference. Government networks registered zero incidents this week — a hopeful sign, but hardly guarantee of safety. Adversaries planning election interference don't tip their hand months early. They wait, they position, they prepare.