1 min read

Iran-Linked Hackers Exploit Hikvision and Dahua Camera Vulnerabilities in Middle East Military Surveillance Campaign

Canopy Security
Security cameras on a pole in Tehran representing Iran-linked hackers exploiting Hikvision and Dahua vulnerabilities for military surveillance

Check Point Research documented hundreds of attempts by Iranian state-linked hackers to exploit five known vulnerabilities in Hikvision and Dahua security cameras across Bahrain, Cyprus, Kuwait, Lebanon, Qatar, UAE, and Israel — many timed to coincide with US and Israeli air strikes on Iran in late February and early March 2026. The same playbook is being used by Russian, Ukrainian, and Israeli forces, who have all leveraged hacked consumer cameras for targeting, battle damage assessment, and troop tracking, illustrating that camera hijacking has become a standard military reconnaissance tool. All five vulnerabilities are patched but persist because IoT device owners rarely apply updates, and both Hikvision and Dahua are effectively banned from US government networks due to security concerns.

Key Takeaways

  • Check Point blocked hundreds of attempted exploits of five known Hikvision and Dahua CVEs (all patched, one dating to 2017) across Middle East networks — attributed to three groups linked to Iran's Ministry of Intelligence and Security including Handala
  • Israeli intelligence accessed "nearly all" Tehran traffic cameras to track Khamenei's security detail ahead of the air strike that killed him — per FT, timed to late February 2026 US-Israeli strikes on Iran
  • IoT camera owners rarely apply firmware updates; Hikvision and Dahua are banned from US government networks under NDAA Section 889; patch status should be audited in any enterprise environment

Original source: Wired / Ars Technica / Check Point