Hikvision and Dahua camera exploitation wave (active targeting)
Exploitation Wave
Summary
Hide ▲
Show ▼
An active exploitation wave is targeting Hikvision and Dahua IP cameras, using multiple authentication and command-related flaws to compromise exposed devices. The wave began Feb. 28 and spans Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus, creating surveillance and operational-support risk across the region. The activity uses CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067, and CVE-2021-33044, and patches are available now.
Related Happenings
Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States
Target Trend
First: 10.04.2026 18:52
Last: 10.04.2026 18:52
Sources 1
About this happening:
A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...
Internet-exposed Rockwell Automation/Allen-Bradley PLCs concentrated in the United States
Target TrendAbout this happening: A measured exposure pattern shows **5,219** internet-facing **Rockwell Automation/Allen-Bradley** PLC hosts worldwide, expanding the attack surface for **industrial control** netw...
Iran's network of traffic cameras hit by cyberattack
Incident
First: 27.03.2026 16:42
Last: 27.03.2026 16:42
Sources 1
How related:
"In the latest incident, Israel and the United States reportedly hijacked Iran's network of traffic cameras, which the government used to surveil protesters, to track the movements of Iranian leader Ayatollah Ali Khamenei prior to targeting him with an air strike, killing him on February 28, according to reports this month by the Financial Times and the Associated Press."
About this happening:
The **Iranian traffic-camera network** was reportedly **hijacked** and used to track **Ayatollah Ali Khamenei** before a deadly **air strike**, showing how connected surveillance...
Iran's network of traffic cameras hit by cyberattack
IncidentHow related: "In the latest incident, Israel and the United States reportedly hijacked Iran's network of traffic cameras, which the government used to surveil protesters, to track the movements of Iranian leader Ayatollah Ali Khamenei prior to targeting him with an air strike, killing him on February 28, according to reports this month by the Financial Times and the Associated Press."
About this happening: The **Iranian traffic-camera network** was reportedly **hijacked** and used to track **Ayatollah Ali Khamenei** before a deadly **air strike**, showing how connected surveillance...
Iran-linked proxy cyber-physical device scanning campaign
Campaign
First: 27.03.2026 16:42
Last: 27.03.2026 16:42
Sources 1
How related:
"Iran's proxies are widening their scans and looking for vulnerable cyber-physical devices — especially IP cameras and industrial control systems — in specific countries,"
About this happening:
Iran-linked proxies are **widening scans** for **vulnerable cyber-physical devices**, increasing the risk of opportunistic access across **specific countries** and the **private s...
Iran-linked proxy cyber-physical device scanning campaign
CampaignHow related: "Iran's proxies are widening their scans and looking for vulnerable cyber-physical devices — especially IP cameras and industrial control systems — in specific countries,"
About this happening: Iran-linked proxies are **widening scans** for **vulnerable cyber-physical devices**, increasing the risk of opportunistic access across **specific countries** and the **private s...
Red Menshen telecom espionage campaign
Campaign
First: 26.03.2026 19:40
Last: 26.03.2026 19:40
Sources 1
About this happening:
A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
Red Menshen telecom espionage campaign
CampaignAbout this happening: A **China-nexus** **Red Menshen** operation has sustained **covert access** in **telecom networks** across the **Middle East and Asia**, increasing the risk of **government espion...
MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm
Campaign
First: 06.03.2026 12:23
Last: 06.03.2026 12:23
Sources 1
About this happening:
**MuddyWater (Seedworm)** is running a **state-linked intrusion campaign** that has embedded itself in **U.S. banks, airports, a non-profit, and an Israeli software company arm**,...
MuddyWater U.S. network intrusion campaign targeting banks, airports, and a software company arm
CampaignAbout this happening: **MuddyWater (Seedworm)** is running a **state-linked intrusion campaign** that has embedded itself in **U.S. banks, airports, a non-profit, and an Israeli software company arm**,...
Timeline
-
06.03.2026 16:01 1 articles · 2mo ago
Iran-linked targeting of Hikvision and Dahua cameras begins
Exploitation ObservedIranian threat actors begin targeting exposed Hikvision and Dahua IP cameras with authentication and command-related vulnerabilities, including CVE-2017-7921, CVE-2021-36260, CVE-2023-6895, CVE-2025-34067, and CVE-2021-33044, across Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus for operational support and battle damage assessment.
Show sources
- Iran's Cyber-Kinetic War Doctrine Takes Shape — www.darkreading.com — 06.03.2026 16:01
-
06.03.2026 16:01 3 articles · 2mo ago
Check Point Research publishes analysis of camera targeting
Technical Analysis UpdateCheck Point Research publishes analysis attributing intensified IP camera targeting to Iranian threat actors and assesses that compromise of Hikvision and Dahua devices across Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus can provide an early indicator of follow-on kinetic activity; the researchers also describe the pattern as part of an integrated cyber-kinetic doctrine.
Show sources
- Iran's Cyber-Kinetic War Doctrine Takes Shape — www.darkreading.com — 06.03.2026 16:01
- Iran's Cyber-Kinetic War Doctrine Takes Shape — www.darkreading.com — 06.03.2026 16:01
- Wartime Usage of Compromised IP Cameras Highlight Their Danger — www.darkreading.com — 27.03.2026 16:42