Védelmi Beszerzési Ügynökséget

Védelmi Beszerzési Ügynökséget (VBÜ) is a Hungarian state agency whose primary responsibility is the procurement of equipment and services for the nation’s military and law‑enforcement sectors. It manages the full acquisition lifecycle, including the preparation of tenders, evaluation of bids, negotiation of contracts, oversight of delivery, and processing of payments. The agency’s work ensures that defence and public‑security organisations receive the materiel they need to fulfil their operational mandates while adhering to budgetary and regulatory requirements. VBÜ maintains detailed internal records such as financial reports, email correspondence, procurement lists, and organisational documentation that support these activities and provide transparency to oversight bodies.

In November 2024 VBÜ became the target of a ransomware operation conducted by the Inc. Ransomware group, which encrypted files and demanded a five‑million‑dollar payment to prevent the release of exfiltrated data. The attackers obtained a broad range of sensitive information, including financial statements, internal emails, procurement schedules, organisational charts, and a memo indicating a suspension of future procurement procedures. Although a portion of the data was later leaked publicly, Hungarian officials asserted that no military structural data had been compromised and sought to minimise the perceived impact of the breach. The incident prompted a criminal investigation, with authorities acknowledging the breach while emphasising that ongoing procurement activities continued despite the referenced suspension in the leaked material. The attack underscored the cyber‑security challenges faced by state bodies that handle high‑value defence contracts and highlighted the importance of protecting procurement‑related information.

As a state entity, VBÜ is owned and financed by the Hungarian government, with its headquarters situated in Hungary, although the specific city is not disclosed in the available sources. No information is provided about parent or subsidiary relationships, indicating that the agency operates as a standalone organisation within the public administration. Its mandate is confined to procurement functions for defence and law‑enforcement, without broader operational, combat, or policy‑making responsibilities. This structural focus allows VBÜ to concentrate on ensuring that acquisitions are conducted efficiently, transparently, and in accordance with national security objectives.