Ethical Hacking News
Iran-linked hackers have been targeting IP cameras across Israel and Gulf states for military intelligence, using compromised cameras to support battle damage assessment during the June 2025 Israel-Iran conflict. The attackers used vulnerabilities in Hikvision and Dahua devices, including CVE-2017-7921 and CVE-2021-33044, to gain access to the cameras. This attack highlights the growing threat of cyber warfare and the importance of securing IoT devices.
Iran-linked actors targeted IP cameras across Israel and Gulf states for military intelligence gathering purposes. The attacks were attributed to Iranian threat actors, who leveraged compromised infrastructure to exploit known vulnerabilities in Hikvision and Dahua technology cameras. The attacks began on February 28, with targeted activities extending across several countries, including Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus. Attacks focused on specific areas in Lebanon, further underscoring their intention to gather real-time intelligence. The attackers exploited multiple vulnerabilities, including CVE-2017-7921 and CVE-2023-6895, to gain unauthorized access to the cameras. The surge in attacks highlights the growing need for heightened awareness and vigilance in detecting and responding to cyber threats. Organizations must prioritize securing their IoT devices and stay proactive in addressing emerging threats.
The world of cybersecurity has witnessed numerous high-profile breaches in recent times, with hackers continually adapting their tactics to remain one step ahead of their adversaries. In the latest development, researchers from Check Point Software Technologies have revealed that Iran-linked actors have been targeting IP cameras across Israel and Gulf states for military intelligence gathering purposes.
The Check Point Cyber Security Report 2026 highlights an increase in attacks targeting IP cameras during the June 2025 Israel-Iran conflict. These attacks were attributed to Iranian threat actors, who leveraged compromised infrastructure to scan devices and exploit known vulnerabilities in Hikvision and Dahua technology cameras.
According to the report, the activity began on February 28, with targeted attacks extending across several countries, including Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus. These nations have also experienced significant missile activity linked to Iran during this period. The attackers focused on specific areas in Lebanon, further underscoring their intention to gather real-time intelligence.
The use of VPN and VPS infrastructure allowed the threat actors to conduct reconnaissance operations. They scanned devices using known vulnerabilities, including CVE-2017-7921, an improper authentication vulnerability in Hikvision IP camera firmware. Furthermore, they exploited CVE-2021-36260, a command injection vulnerability in the Hikvision web server component; CVE-2023-6895, an OS command injection vulnerability in the Hikvision Intercom Broadcasting System; and CVE-2025-34067, an unauthenticated remote code execution vulnerability in the Hikvision Integrated Security Management Platform.
The attackers also targeted CVE-2021-33044, an authentication bypass vulnerability in multiple Dahua products. Chinese manufacturers have since patched these vulnerabilities. Researchers analyzed exploitation attempts for these vulnerabilities linked to infrastructure attributed to Iran.
The surge in attacks against IP cameras has been observed across Israel and several Middle Eastern countries, often aligning with geopolitical tensions such as protests in Iran, U.S. military visits to Israel, and fears of potential strikes. This marks an escalation in the use of cyber warfare as a tool for military intelligence gathering and support during conflicts.
The rise of IoT devices has led to increased vulnerabilities in these systems. As more organizations continue to implement IP cameras across their premises, it is essential that they prioritize securing these devices against exploitation by threat actors like those targeted in this recent attack.
In light of the ongoing conflict between Israel and Iran, this incident serves as a stark reminder of the importance of robust cybersecurity measures for protecting critical infrastructure and gathering real-time intelligence. Furthermore, the use of compromised IP cameras highlights the growing need for heightened awareness and vigilance in detecting and responding to cyber threats.
The recent surge in attacks against Hikvision and Dahua devices underscores the necessity for these organizations to address known vulnerabilities promptly. The attackers' ability to exploit these weaknesses demonstrates that timely patching and regular software updates are crucial in preventing successful exploitation of vulnerabilities by malicious actors.
In conclusion, this report highlights an increasingly sophisticated cyber attack against IP cameras across Israel and Gulf states. As geopolitical tensions escalate, the potential for such attacks will continue to rise. It is imperative that organizations prioritize securing their IoT devices, as well as that they stay vigilant and proactive in addressing emerging threats.
Related Information:
https://www.ethicalhackingnews.com/articles/Iran-linked-Hackers-Utilize-Compromised-IP-Cameras-for-Military-Intelligence-Gathering-During-Ongoing-Conflict-ehn.shtml
https://securityaffairs.com/189069/cyber-warfare-2/iran-linked-hackers-target-ip-cameras-across-israel-and-gulf-states-for-military-intelligence.html
https://www.cybersecuritydive.com/news/iran-hackers-target-flaws-ip-cameras/813795/
https://nvd.nist.gov/vuln/detail/CVE-2017-7921
https://www.cvedetails.com/cve/CVE-2017-7921/
https://nvd.nist.gov/vuln/detail/CVE-2021-36260
https://www.cvedetails.com/cve/CVE-2021-36260/
https://nvd.nist.gov/vuln/detail/CVE-2023-6895
https://www.cvedetails.com/cve/CVE-2023-6895/
https://nvd.nist.gov/vuln/detail/CVE-2025-34067
https://www.cvedetails.com/cve/CVE-2025-34067/
https://nvd.nist.gov/vuln/detail/CVE-2021-33044
https://www.cvedetails.com/cve/CVE-2021-33044/
Published: Sat Mar 7 05:49:36 2026 by llama3.2 3B Q4_K_M
