Russian hacker group breaches Hungarian geothermal system in coordinated cyberattack

A hacker group has launched a coordinated cyberattack affecting multiple European countries in recent weeks, according to a new report. Targets have included government agencies, financial institutions, and infrastructure providers.
Hungarian system targeted by Russian hacker group
As kiber.blog.hu reported, the hacker group known as SECTOR16 emerged on the international cybersecurity radar in early 2025, primarily targeting industrial control systems such as SCADA. Believed to be of Russian origin, the group has already compromised numerous critical infrastructure systems around the world, and now it has added a Hungarian target to the list. The group infiltrated a domestic geothermal heat generation system and published details of the breach on its Telegram channel. Translated into English, their message reads:
Hello, world!
We are SECTOR16, and today we leave a mark in the digital shadows. Belgium, the city of Budapest!
Before you lies a gas-handling system, composed of a precooler and a recirculation unit. We have gained access to an interface that controls critical infrastructure: fans, compressors, pressure and temperature sensors, as well as emergency protocols.
What do we see?
System errors: fan shutdowns, container overheating, pressure fluctuations (PIC1-18, PT1-15), risk of gas leakage (20% danger level).
Manual override: someone attempted to start the compressors and adjust parameters manually (100% power).
Trend data: temperature, pressure, and gas consumption logs in .CSV format, accurate to one decimal (0.1).
This is more than an attack—it’s a warning. Your systems are vulnerable, while the real world depends on digital solutions. Check your security settings before it’s too late.
🚨 We have decided not to interfere or alter system settings, as doing so could have unpredictable consequences for innocent people. We stand in solidarity.
Cybersecurity weaknesses
The compromised geothermal system is relatively straightforward: hot water drawn from underground is separated from dissolved gases, with the purified water used for district heating, while the gas is recompressed and reinjected after being stored under pressure. The hacker group likely exploited poorly configured remote access and the typically weak cybersecurity of OT (Operational Technology) systems. Industrial control systems are often years behind IT systems in terms of protection, making them attractive targets for hackers.
Potential for physical damage
Although SECTOR16 has not yet engaged in any destructive activity, the mere fact of unauthorised access poses a serious threat. In industrial systems, a single wrong action—such as inducing overpressure or disabling safety valves—can create explosive hazards. The vulnerability of such systems is more than a technical or operational issue; it presents real risks to human life and the environment. The group’s presence in the system underscores how digital vulnerabilities can have real-world consequences.
Collaboration and lessons learned
In the wake of the breach being made public, the professional community responded quickly and effectively, helping to assess and identify the issue, as well as reaching out to those affected. The collaboration between SeConSys, geothermal experts, and the NKI illustrates that defending against hacker groups requires both collective knowledge and institutional support. SECTOR16’s operation serves as a warning: OT systems are vulnerable, and it is time to catch up on cybersecurity.