Multiple Iranian hacking crews have been targeting internet-connected surveillance cameras across Israel and other Middle Eastern countries since the war began on February 28, according to Check Point security researchers. The Tel Aviv-based security firm has tracked hundreds of attempts to exploit vulnerabilities in IP cameras.
The targeted countries, including Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus, and Lebanon, mirror regions experiencing significant missile activity linked to Iran. This digital reconnaissance, which has historically preceded physical attacks, involves exploiting vulnerabilities such as improper authentication, command injection, and remote code execution in camera firmware.
The attack infrastructure utilized commercial VPN exit nodes and virtual private servers to scan for these flaws. While patches exist for these vulnerabilities, the ongoing targeting suggests a persistent effort to gather intelligence for “potential follow-on kinetic activities,” the researchers said.
The researchers urge defenders to update camera firmware, restrict direct WAN access, and isolate cameras on dedicated networks to mitigate risks. While current attacks are focused on the Middle East, there is an assessment that this activity could expand to other regions in the coming weeks. The broader implication is an increasing attack surface for regional infrastructure, potentially exposing it to high-disruption tactics.
