Magyar Telekom and Hungarian banks DDoS attack
A multi-wave distributed denial-of-service attack with traffic ten times the normal volume briefly disrupted Hungarian banking and telecom services, in what Magyar Telekom called one of the largest cyberattacks ever seen in Hungary.
- Victim
- Magyar Telekom
On 24 September 2020, Hungary's largest telecommunications operator Magyar Telekom and several of the country's banks were hit by a powerful distributed denial-of-service (DDoS) attack. The company later described it as one of the biggest hacker attacks in Hungary ever, both in scale and complexity.
What happened
In a DDoS attack, adversaries flood a target's network with junk traffic to exhaust its capacity and make services unreachable. In this case Magyar Telekom said the volume of traffic was roughly ten times that of a typical DDoS event, and the assault arrived in several distinct waves rather than a single surge — a pattern designed to probe and overwhelm mitigation defenses.
The traffic originated from servers located in Russia, China, and Vietnam. As is common with DDoS attacks, the geographic source of the packets does not reliably indicate who was behind the operation, since attackers routinely route traffic through compromised or rented infrastructure in third countries. No threat actor was publicly identified.
Impact
- Parts of Magyar Telekom's network in Budapest experienced service lapses.
- OTP Bank, Hungary's largest commercial bank, confirmed it was affected; online and mobile banking services that depended on the targeted telecom links were intermittently disrupted.
- Other Hungarian banks reported access problems during the waves of the attack.
The disruption was brief: Magyar Telekom's defenses absorbed and repelled the traffic, and services were restored the same day. No data theft or breach of customer records was reported — the attack aimed at availability, not confidentiality.
Why it matters
The September 2020 assault was a high-profile demonstration that availability attacks on shared telecom infrastructure can cascade into the financial sector. Because banks rely on the same upstream connectivity provided by national carriers, a DDoS aimed at a telecom operator can knock out online banking even when the banks' own systems are intact. The incident reinforced why national carriers and financial institutions in Hungary and across the EU invest heavily in scrubbing centers and DDoS-mitigation capacity, and it became a frequently cited example of the systemic risk concentrated in a handful of critical network providers.
Timeline
A multi-wave DDoS attack hits Magyar Telekom's network and Hungarian banking services, with traffic volume roughly ten times that of a typical DDoS event.
OTP Bank confirms its services were affected; banking access is intermittently disrupted alongside telecom services in parts of Budapest.
Magyar Telekom mitigates the assault, restoring services after several waves.
Magyar Telekom publicly discloses the attack, attributing the traffic to servers in Russia, China and Vietnam.
Sources
- whbl.comhttps://whbl.com/2020/09/26/hungary-hit-by-large-cyber-attack-from-asia-magyar-telekom/
- cybersecurity-insiders.comhttps://www.cybersecurity-insiders.com/cyber-attack-on-hungary-banks-and-telecom-services/
- kratikal.comhttps://kratikal.com/blog/powerful-ddos-attack-hits-hungarian-banks-and-telecoms-service/
- seclists.orghttps://seclists.org/dataloss/2020/q3/244