Eyes on the Battlefield: How Hacked Security Cameras Are Fueling Middle East Conflicts

As missiles arc through Middle Eastern skies, an invisible war is unfolding in cyberspace - one where security cameras, meant to protect, are weaponized as silent informants. In recent months, researchers have uncovered a surge of cyberattacks targeting internet-connected IP cameras across Israel, Qatar, Bahrain, Kuwait, the UAE, Cyprus, and Lebanon. Behind the blinking LEDs and glass lenses, threat actors are quietly watching, gathering intelligence that could tip the scales in real-world confrontations.

A New Cyber-Frontline

The latest wave of attacks, first detected on February 28, 2026, marks a dramatic escalation in the use of civilian infrastructure for military ends. According to Check Point Research, these campaigns are not motivated by ransom or profit. Instead, analysts believe Iranian-backed cyber operators are hijacking cameras to gather operational intelligence: monitoring missile strikes, calibrating targeting, and providing up-to-the-minute battlefield surveillance.

Such tactics aren’t new. During the brief but intense conflict between Israel and Iran in June 2025, compromised cameras reportedly streamed real-time feedback to attackers, including during a strike on Israel’s Weizmann Institute of Science. The current campaigns, however, are broader and more coordinated, with attackers deploying commercial VPNs and cloud servers to mask their activity and target devices across multiple countries.

Technical Tactics and Vulnerabilities

The attackers’ tools are as varied as their motives. They exploit a mix of old and newly disclosed flaws - such as authentication bypasses and command injection vulnerabilities - in popular camera brands like Hikvision and Dahua. These vulnerabilities (including CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067, and CVE-2021-33044) allow intruders to seize control of cameras, often without any login credentials.

While patches exist for these flaws, the region is rife with unpatched or unsupported devices, many still using factory-default passwords. This makes them low-hanging fruit for attackers. Notably, the surges in exploitation attempts often align with spikes in regional tensions - such as military visits, airspace closures, and heightened defense alerts - suggesting cyber activity is closely orchestrated with physical operations.

Defending the Digital Perimeter

Security experts urge organizations and governments to act decisively: restrict cameras’ internet exposure, enforce strong and unique passwords, patch firmware regularly, segment camera networks, and monitor for unusual activity. As the digital and physical battlefields converge, every unsecured camera becomes a potential liability, a window for adversaries to peer through at critical moments.

Reflections: When Surveillance Turns to Sabotage

The surge in IP camera exploitation across the Middle East is more than a technical footnote - it’s a stark warning. As conflicts become increasingly hybrid, the devices we trust for safety can be flipped into tools of surveillance and sabotage. In an era where cyber and kinetic operations are inseparable, vigilance isn’t just recommended - it’s imperative.

WIKICROOK

• IP Camera: An IP camera is a digital security camera that connects to the internet, allowing remote access and monitoring of video footage from anywhere.
• Command Injection: Command Injection is a vulnerability where attackers trick systems into running unauthorized commands by inserting malicious input into user fields or interfaces.
• VPN (Virtual Private Network): A VPN encrypts your internet connection and hides your IP address, providing extra privacy and security when browsing online or using public Wi-Fi.
• Firmware: Firmware is specialized software stored in hardware devices, managing their core operations and security, and enabling them to function properly.
• Battle Damage Assessment (BDA): Battle Damage Assessment (BDA) evaluates the impact and effectiveness of cyber or military operations, guiding response and future strategies.