A surge in attempts to compromise internet-connected surveillance cameras across the Middle East has been identified, with activity attributed to infrastructure linked to Iranian threat actors, according to Check Point Research. The targeting began intensifying on 28 February and has affected Israel, Qatar, Bahrain, Kuwait, the UAE and Cyprus, with additional focused activity observed in parts of Lebanon on 1 March.
The campaign is focused on devices manufactured by Hikvision and Dahua, with scanning for known vulnerabilities including authentication bypass and remote code execution flaws; patches are available for all identified issues. Check Point examined exploitation attempts involving CVE-2021-33044 and CVE-2017-7921, traced to Iran-linked infrastructure and active since the start of the year.
The report notes similar tactics during the 12-day conflict between Israel and Iran in June 2025, including an incident where a street camera facing the Weizmann Institute of Science was allegedly compromised. To help mitigate risk, defenders are advised to remove WAN exposure, use a VPN, enforce strong credentials and keep firmware up-to-date, while segmenting cameras on a dedicated VLAN and monitoring for unusual login attempts and outbound connections.