Summary
Key Points:
- Iranian threat actors have intensified targeting of IP cameras from manufacturers like Hikvision and Dahua, particularly in Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus since February 28.
- Compromised cameras could provide operational support for missile strikes and battle damage assessments (BDA); the actors exploit specific vulnerabilities to gain unauthorized access to these devices.
- Recommended actions include eliminating public exposure of cameras, enforcing strong credentials, maintaining patch management, implementing network segmentation, and enhancing monitoring for unusual activity.
Technical Details: The attacks exploit several vulnerabilities in Hikvision and Dahua products, including CVE-2017-7921 (improper authentication) and CVE-2021-33044 (authentication bypass). These vulnerabilities allow attackers to gain unauthorized access to the devices.
MITRE ATT&CK Techniques:
- T1078 - Valid Accounts (Defense Evasion)
- T1190 - Exploit Public-Facing Application (Initial Access)
- T1203 - User Execution (Execution)
IOCs Mentioned:
- CVE-2017-7921
- CVE-2021-33044
- CVE-2023-6895
- CVE-2025-34067