Check Point Research reports that Iranian‑nexus threat actors have intensified campaigns to compromise IP cameras across the Middle East, using known Hikvision and Dahua vulnerabilities to create a real‑time reconnaissance network that supports missile operations and battle damage assessment. The activity—linked to events like a 2025 missile strike on the Weizmann Institute and spikes around regional tensions—relies on many exposed, unpatched devices that could serve as early indicators of follow‑on kinetic attacks. #CheckPointResearch #Hikvision
Keypoints
- Check Point Research identified Iranian‑nexus actors targeting IP cameras across multiple Middle Eastern countries.
- Attackers exploit known vulnerabilities in Hikvision and Dahua devices rather than novel zero‑day flaws.
- Compromised cameras are used for real‑time reconnaissance and battle damage assessment to support missile operations.
- A reported 2025 missile strike on the Weizmann Institute followed the compromise of a nearby street camera.
- Widespread unpatched devices create a persistent reconnaissance network and surges in targeting may predict kinetic activity.