Internal documents prove that Hungarian Foreign Ministry knew about Russian cyber attacks on its systems

Two years ago, an article by Direkt36 revealed that Russian secret services had carried out a large-scale cyber attack against the IT network of the Hungarian Ministry of Foreign Affairs and Trade. 444 has now presented documents that not only provide further evidence that these attacks occurred, but also prove that the Foreign Ministry was well aware of the attacks: a letter from the head of one of Hungary's secret services clearly describes the extent of the cyberattacks and also clearly states who the perpetrators were.

In other words, the Hungarian Foreign Ministry was aware that invaluable national security data had been stolen from the Ministry's computers.

In March 2022, the Foreign Ministry called the revelations made by Direkt36 a campaign lie. Several Fidesz politicians and the ministry explicitly denied the newspaper's information, despite the fact that it was via off the record conversations that the newspaper had revealed the details about Russian secret service operations against Hungarian diplomacy.

The National Security Service (Nemzetbiztonsági Szakszolgálat or NBSZ) provides for the technical needs of all the other secret services. At the end of September 2021, the body's Director at the time, Lieutenant General Hedvig Szabó submitted a report on the state of the Foreign Ministry's IT network, and painted a troubling picture. The report, obtained by 444, was addressed to Tamás Vargha, who was then State Secretary for Civilian Intelligence at the Ministry of Foreign Affairs.

"The Contacts Directory which serves the systems of the Ministry of Foreign Affairs and handles the identification and authorisation of users, the mail service, the file server service, and an unspecified number of workstations have been compromised, including administrator accounts with top level authorisation. The total impact rendered more than 4,000 workstations and over 930 servers unreliable," Lt. Szabó said at the beginning of her report.

According to the report, the hackers were able to see emails, files, personal data of Foreign Ministry staff and a lot of other sensitive information. The report also clearly identifies the attackers. "Based on the attributes of the recent attacks, they can be linked to the APT 28 (Russian, GRU) and APT 29 (Russian, FSB v. SVR) groups." APT stands for Advanced Persistent Threat, a term used to describe hacking groups that are typically state or government-sponsored. GRU is the acronym for the Russian General Reconnaissance Directorate (i.e. the military intelligence service), while FSB is the Russian Federal Security Service, Russia's most extensive domestic intelligence service, and SVR stands for Russia's foreign intelligence service.

What Szijjártó said about it

On Monday, 13 May 2024, a few days after Viktor Orbán told Telex that Hungary has the best national security system in Europe, Minister of Foreign Affairs and Trade Péter Szijjártó hosted a public forum in Pilis. 444 asked the foreign minister how it was possible, if what Orbán said was true, that Russian hackers had penetrated the Foreign Ministry's system. Szijjártó replied that he was not aware of such a thing.

"When something like this happens, the government has institutions that are responsible for averting it...The government has institutions that do the necessary work of technical detection and taking countermeasures."

After 444 presented him with the letter from the director of the National Security Services, he claimed that the "organizations with the competence and capability" for dealing with such intrusions had taken the necessary steps to avert the threat. He also questioned whether the newspaper had obtained the documents legally; Szijjártó suggested that the information may have been obtained with the help of external intelligence services. "I think you should be careful," he said at the end of the interview.

The sources of 444 also said that the fact of the Russian attacks was so well known that for a while, intelligence officers serving at embassies under diplomatic cover were not allowed to use their foreign service correspondence accounts.