FOLLOWING the US and Israeli attack on Iran on 28 February 2026, Iran has unified cyber and kinetic attacks into a single doctrine, with IP cameras being hacked to plan missile strikes and other attacks on physical assets. Check Point Research on 4 March published findings identifying intensified targeting of Hikvision and Dahua cameras, with the activity beginning on 28 February and extending across Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus.
The research notes that camera compromise supports missile launches and that tracking activity from attributed infrastructures may serve as an early indicator of potential follow-on kinetic activity, according to Check Point Research. The exploits involve vulnerabilities such as CVE-2017-7921, CVE-2021-36260, CVE-2023-6895 for Hikvision, and CVE-2025-34067, CVE-2021-33044 for Dahua, and patches are currently available.
Iran has a history of using cameras to facilitate military action, with experts describing the current patterns as part of an Iranian war doctrine, as stated by Check Point and others.