‘Hundreds’ of Iranian hacking attempts hit IP cameras • The Register
‘Hundreds’ of Iranian hacking attempts hit IP cameras • The Register
https://www.theregister.com/2026/03/04/iranian_hacking_attempts_ip_cameras/
Publish Date: 2026-03-04 18:59:00
Source Domain: www.theregister.com
Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war started on February 28, according to Check Point security researchers.
The Tel Aviv-based security shop has tracked “hundreds” of attempts to exploit a handful of bugs in IP cameras made by two manufacturers, Hikvision and Dahua, according to Sergey Shykevich, threat intelligence group manager at Check Point Research, in a conversation with El Reg.
The countries targeted in these digital intrusion attempts – Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus, and Lebanon – are the same ones that have seen significant missile activity linked to Iran.
Iran traditionally uses digital reconnaissance – including compromised cameras – to prepare for physical attacks. As recently as June 2025, threat groups linked to Iran’s Ministry of Intelligence and Security (MOIS) compromised servers containing live CCTV streams from Jerusalem, allowing the crew to surveil the city for potential targets, just days before launching missile attacks against Jerusalem.
This more recent camera-targeting activity from infrastructure attributed to “several Iran-nexus threat actors” may be an “early indicator of potential follow-on kinetic activity,” Check Point researchers said in a Wednesday threat intelligence report.
According to the security shop, the attack infrastructure combined commercial VPN exit nodes – including Mullvad, ProtonVPN, Surfshark, and NordVPN – and virtual private servers, which the Iranians used to scan for vulnerabilities in two specific surveillance camera brands: Hikvision and Dahua.
“No attempts to interact with other camera vendors were observed from this infrastructure,” the researchers wrote.
The vulnerabilities include:
- An improper authentication…
