The Hungarian government confirmed that non-state actors have hacked the country’s defence procurement agency contracts in a briefing to local media on 14 November 2024.
While it is reported that no sensitive data was compromised, the contracts did contain information regarding the status of the Hungarian Army’s air and land capabilities.
An investigation is said to be ongoing, with confirmation that the cyber attack was undertaken by foreign non-state actors, namely INC Ransomware – an extortion operation that emerged in July 2023. It is reported that the hackers requested $5m to unlock the data, after which they uploaded screenshots of the information to the dark web.
Hungarian modernisation
Among the Army’s most notable and costly programmes, GlobalData intelligence observes that Hungary is pursuing 217 Lynx KF41 infantry fighting vehicles from Rheinmetall; 16 H225M twin-engine, multi-role helicopters from Airbus; four National Advanced Surface-to-Air Missile Systems (NASAMS) from Kongsberg, though one has already been delivered a year ago.
Besides these flagship programmes, Hungary is also looking to leverage uncrewed aerial systems (UAS) since their proliferated use in the Russia-Ukraine war. GlobalData indicates that Hungary is eyeing Türkiye’s Bayraktar TB2 medium-altitude, long-endurance UAS, for which the company forecasts spending to grow to $90m on the system in the next ten years.
These varied programmes constitute the latest since Hungary’s modernisation efforts began eight years ago, enshrined in the Zrínyi 2026 development initiative.
Access the most comprehensive Company Profiles
on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Company Profile – free
sample
Your download email will arrive shortly
We are confident about the
unique
quality of our Company Profiles. However, we want you to make the most
beneficial
decision for your business, so we offer a free sample that you can download by
submitting the below form
By GlobalData
Strategic insights
While the government do not consider the compromised data to be ‘sensitive’ this information will, however, give some sense of the strategic insights, financial details, and perhaps hint at future defence projects, noted one cybersecurity consulting manager, Akhil Mittal, Black Duck.
“Even routine procurement details can be pieced together to form a comprehensive view of future capabilities,” Mittal suggested. “It’s valuable for both financial purposes and understanding a country’s defence strategies.”
This is disconcerting given that Army Technology found that Hungary’s defence procurement, while impressive and extensive, lacks a clear direction. It’s not just about technology and kit; it is also about forming a new strategy beyond acquiring such low-hanging fruit, which has been a particularly difficult endeavour.
International collaboration will prove useful to the Hungarian government in consolidating its strategic position in the European and global defence markets. Already, one of Germany’s leading arms companies, Rheinmetall, has a presence in Zalaegerszeg where the second phase of Lynx units will be produced indigenously, and in Várpalota, where there is an 155mm ammunition plant.
This partnership goes beyond armoured vehicles. Having attained the rights to SAR satellite imagery data from the Finnish microsatellite company ICEYE, Rheinmetall secured exclusive rights to provide the SAR data to military and government end-users in Germany and Hungary to inform operational planning.
Protecting Defence in cyberspace
“The hackers seemed to have two main goals: grab sensitive data and create public pressure,” Mittal determined.
“Sharing screenshots was not just about making money – it looks like they wanted to embarrass the government and draw attention to the breach.
“It’s hard to say if this was a full disinformation campaign, but their actions clearly aimed to create doubt and damage trust. We’re seeing this tactic more often now, where attackers focus on causing chaos and damaging credibility, not just going after money.”
Cyber resilience is not just about preventing your network from being compromised with a layered defence, it is also about empowering an organisation by allowing it to have more control over its network – to determine its connection to cyberspace arbitrarily.
“Defence institutions need to stay ahead of threats, not just react after the fact”, Mittal added.
“It starts with stricter access controls, so only the right people can see sensitive data. Regular vulnerability testing and red teaming exercises, where ethical hackers simulate real attacks, are crucial for finding weaknesses.
“Leveraging [artificial intelligence] and machine learning can enhance threat detection capabilities by identifying patterns. Following frameworks like NIST can provide strong guidance, but the real shift is in mindset: thinking ‘when we get attacked,’ not ‘if.’ Building a culture of continuous improvement is key to staying resilient.”