Iran-linked hackers escalate surveillance camera intrusions

Cybersecurity researchers have identified a sharp rise in attempts to compromise internet-connected surveillance cameras across the Middle East, attributing the activity to groups believed to be linked with infrastructure associated with Iran. Analysts say the attacks coincide with heightened geopolitical tensions in the region and appear aimed at gathering intelligence and potentially disrupting critical operations.

Security specialists monitoring global network traffic reported that thousands of connected cameras and video recorders have been probed or accessed through automated scanning and exploitation tools. The targeted devices include consumer-grade security cameras, industrial monitoring systems and municipal surveillance networks used by businesses and local authorities. Many of these devices are part of the rapidly expanding “Internet of Things”, where internet connectivity allows remote monitoring but can also expose vulnerabilities.

Investigators say the attackers appear to be searching for poorly secured cameras that still use default passwords or outdated software. Once compromised, such devices can provide live video feeds, network access points or the ability to pivot deeper into organisational systems. Analysts warn that surveillance cameras have become an attractive entry point for cyber intrusions because they often remain connected to corporate or government networks without adequate security oversight.

Cyber intelligence firms tracking the activity have linked the campaign to digital infrastructure historically associated with Iranian state-aligned threat actors. These groups have been known to conduct espionage operations against governments, energy companies and logistics networks across the Gulf and wider Middle East. Although direct attribution remains complex, patterns in network behaviour, command-and-control servers and malware signatures have led analysts to conclude the campaign aligns with previously observed tactics used by such actors.

Security researchers say the attacks appear coordinated and geographically focused. Organisations in Gulf states, Israel and several neighbouring countries have reported increased attempts to access surveillance equipment during the period of heightened regional tensions. Some probes have also been detected against systems in Europe and North America, though at a smaller scale.

Experts warn that compromised cameras could provide attackers with more than simple visual access. Networked surveillance equipment is often connected to internal IT infrastructure, allowing hackers to map networks, capture credentials or deploy further malware. In sensitive environments such as transport hubs, energy facilities or government buildings, unauthorised access to video feeds could also reveal operational patterns and security procedures.

Industry specialists say many internet-connected cameras were designed primarily for convenience and affordability rather than robust cybersecurity. Devices manufactured over the past decade frequently rely on weak authentication systems or outdated firmware, leaving them vulnerable to exploitation if not regularly updated. Businesses and homeowners alike have been urged to change default passwords, apply software patches and place surveillance devices on isolated networks.

Government agencies across the Middle East have also stepped up cybersecurity monitoring as the wave of attempted intrusions has intensified. National cyber defence centres in several countries have issued alerts warning organisations about potential exploitation of internet-connected cameras and advising stronger security controls for operational technology networks.

Cybersecurity experts note that camera-focused intrusions are not entirely new. Past cyber campaigns linked to state-backed groups have exploited similar devices to build botnets or launch distributed denial-of-service attacks. The current pattern, however, appears more focused on surveillance and reconnaissance, suggesting the attackers may be seeking intelligence linked to the broader geopolitical environment.

Analysts also point to the strategic importance of digital espionage in modern conflicts. Intelligence gathered through compromised devices can reveal movement patterns, infrastructure layouts or operational routines. Such information may be valuable for both cyber operations and conventional military planning.

Private sector companies operating in sectors such as energy, shipping and logistics have been among those urged to review their camera networks and connected devices. Industrial facilities often deploy hundreds of cameras to monitor operations and safety conditions, creating extensive networks that can become attractive targets if security practices are weak.

Technology companies and cybersecurity vendors have responded by publishing guidance on securing surveillance infrastructure. Recommendations include implementing strong password policies, enabling two-factor authentication where possible, restricting internet exposure of camera management interfaces and maintaining regular firmware updates.

Researchers tracking the campaign say the number of probing attempts continues to fluctuate as networks strengthen their defences. Security teams are also examining whether compromised devices have been used to move laterally into other systems or to collect sensitive operational data.