Hungary’s defense procurement agency, the VBÜ, has confirmed it was the target of a cyberattack by the international hacker group INC Ransomware. The group, which emerged in 2023, has primarily targeted sectors like healthcare, education, and government organizations. INC Ransom claimed responsibility for the breach and posted sample screenshots of the stolen data on its dark web portal, further fueling concerns about the nature of the attack. This incident is a significant development in the ongoing cyber threats faced by governments worldwide, with the attackers seemingly aiming for high-value, sensitive information.
Hungarian officials have been tight-lipped about the specifics of the stolen data. In an official statement, the Ministry of National Defense emphasized that VBÜ does not store sensitive military information, but they did not rule out the possibility of non-sensitive data being exposed. The breach reportedly involved the theft of procurement documents related to military plans, which could be of interest to adversaries seeking insight into Hungary’s defense strategies. Some of the leaked documents are believed to date back to October 2024, highlighting the recency of the breach.
The hacker group, known for its use of ransomware to encrypt files, reportedly downloaded and encrypted all of the agency’s files during the attack. Screenshots of documents that included details on Hungary’s military capabilities, such as air and land force information, were shared by INC Ransom on the dark web. The breach’s timing and the nature of the documents are causing alarm in Hungary, especially as they pertain to non-public military procurement data. These revelations point to the targeted nature of the attack, suggesting the hackers had specific interests in Hungary’s defense sector.
INC Ransom is demanding a $5 million ransom in exchange for not releasing further data. However, Hungarian officials have not commented on whether negotiations with the hackers are ongoing. Prime Minister Viktor Orbán’s chief of staff, Gergely Gulyás, has called the attack the work of a “hostile foreign, non-state hacker group,” but refrained from naming them. The Hungarian Ministry of National Defense continues to investigate the breach, and officials have assured the public that steps are being taken to assess and mitigate the damage.
