Hungary’s counterintelligence agency has released a report detailing alleged connections between a Hungarian man and foreign intelligence services, amid scrutiny over a reported operation targeting the Tisza Party. The release of the information by the Constitutional Protection Office (AH) comes after a report by Direkt36 outlined a suspected effort to disrupt the political party’s IT systems.
The document, published on the website of the National Security Committee of the Hungarian Parliament, was authored by AH Director-General Szabolcs Bárdos, a major general, and addressed to Zoltán Sas, the committee’s chairman. Although the report doesn’t directly address the Direkt36 article published Tuesday, its contents suggest it is an official response to the allegations. Direkt36’s investigation reported that documents indicate a well-organized operation aimed at crippling the Tisza Party’s information technology infrastructure. The report further alleges that when individuals linked to the party attempted to expose the alleged operation, they faced police investigations spurred by pressure from intelligence services, potentially on dubious grounds.
Tisza Party President Péter Magyar has reacted to the Direkt36 report, stating the situation “evokes the worst of the communist era and is more serious than the American Watergate scandal,” according to reports from Telex.
Prior to the release of the AH report, the agency had not responded to questions from Direkt36. However, the National Security Committee convened Tuesday, after which Bárdos’s letter to Sas was made public as official information. Notably, the Tisza Party is not mentioned by name in Bárdos’s letter.
The communication to Sas details information regarding an individual identified as “HD,” who the AH states has been under surveillance for years due to “contacts with hostile intelligence services.” Bárdos claims that HD was personally interviewed twice, and that these interviews “confirmed a significant portion” of the suspicions against him. The case highlights the sensitivity surrounding alleged foreign interference in Hungarian politics.
According to the report, HD made contact in 2022 with an individual identifying himself as an Estonian citizen, known as RM, who offered him the opportunity to study at the NATO Cooperative Cyber Defence Centre of Excellence. In the summer of 2023, HD traveled to Tallinn with his family for a week-long visit. However, the AH alleges that he did not attend the NATO center, as the training program is actually located in Vilnius. The agency also claims the certificate of completion presented by HD is not authentic.
Bárdos’s letter continues, stating that at RM’s request, HD met in Kyiv in late October 2023 with representatives of the IT Army of Ukraine, a volunteer cyber warfare organization affiliated with the Ukrainian military, along with other young people with whom he later communicated via Telegram channels. The AH Director-General alleges that HD admitted to collaborating with a branch of the Anonymous hacker group known as NB65, carrying out operations in support of Ukraine. He also reportedly visited the Ukrainian embassy in Budapest on multiple occasions.
The report indicates that in February 2023, HD and another individual, identified as MT, contacted representatives of a company that manufactures and distributes known spyware, attempting to procure the software. “He was reportedly assisted in this effort by an intelligence service from an EU member state,” Bárdos’s summary states. The AH Director-General also notes that HD visited an EU member state’s embassy in Budapest in May 2023, where he was shown intelligence-related equipment.
Bárdos informed Sas that, through RM’s mediation, HD met with a man named Rodri, who presented himself as an intelligence officer from an EU country and “asked him questions about the Hungarian political situation.” The letter then details that HD maintained online, written contact with “one or more individuals using cover names” who provided him with questions and tasks related to Hungarian politics, using methods consistent with intelligence operations.
“Mapping the background of these individuals is also part of the counterintelligence investigation,” the report reads.
Bárdos’s letter also addresses MT, a British-Hungarian dual citizen who has been the subject of previous criminal investigations related to computer misuse, fraud, and extortion. “MT previously came to the attention of the authorities due to private investigation activities, claiming to be able to obtain official data from state systems,” the letter states. According to Bárdos, the counterintelligence service began monitoring MT after establishing a clear connection between him and HD.
The AH Director-General also notes that a significant portion of MT’s income comes from a company registered in Estonia. “MT has been interested in acquiring equipment/dual-use products classified as intelligence services/license-required since 2019 and is in contact with foreign manufacturers of such products,” the letter states. According to the report, MT was also aware of HD’s intelligence connections and assisted in negotiations to procure licensed intelligence equipment, including spyware, jammers, and concealed recording devices.
Bárdos concludes his letter by stating that in July 2025, a report was filed with the National Media and Infocommunications Authority (NMHH) hotline alleging that the two men were planning to acquire and use equipment for creating content related to the online sexual exploitation of children.
“The NMHH immediately notified the investigative and national security authorities, and investigators from the National Bureau of Investigation conducted searches at the homes of those involved, where data storage devices and several illegally acquired/manufactured military-technical devices were confiscated. Police are currently investigating the individuals for the production of license-required military-technical equipment,” the letter states.
Background: In mid-summer last year, a heated political battle was already underway between Fidesz and the Tisza Party, when the National Bureau of Investigation received a report about suspected child pornography involving two Hungarian men. The report was specifically brought to their attention by a counterintelligence agency, the Constitutional Protection Office, which pressured the police to conduct a swift search of the two men, aged 19 and 38.
During the search, investigators found themselves at the homes of two IT specialists linked to the Tisza Party, landing them in a politically sensitive case. They seized dozens of data storage devices, including servers, phones, laptops, and SD cards. However, they found no evidence of child pornography. Instead, they uncovered hundreds of screenshots of conversations, revealing a strange recruitment attempt. An unknown individual using the name Henry attempted to network with the younger IT specialist in the first half of 2025 to facilitate him dismantle the Tisza Party before the elections.
