Interplay between Iranian Targeting of IP Cameras and Physical Warfare in the Middle East

Check Point Research observed intensified Iran-nexus targeting of Hikvision and Dahua IP cameras beginning January–February 2026 across Israel, UAE, Qatar, Bahrain, Kuwait, Cyprus and Lebanon, using VPN exit nodes and VPS infrastructure to scan for and attempt exploitation of known vulnerabilities (including CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067, CVE-2021-33044). The activity shows temporal spikes aligned with geopolitical events and is assessed to support surveillance and battle-damage assessment for missile operations; defenders are advised to remove public exposure, enforce strong credentials, apply vendor patches, segment camera networks, and monitor for anomalous logins and outbound connections.