On February 28, 2026, Iran launched missile and drone strikes across the Middle East. But the kinetic stuff was only half the operation.

• Same day: Iranian threat actors began mass-scanning Hikvision and Dahua cameras across Israel, Qatar, Bahrain, Kuwait, UAE, Lebanon, and Cyprus
• Purpose: Compromise camera feeds for real-time targeting and post-strike damage assessment
• Precedent: During the June 2025 Israel-Iran 12-day war, Iran reportedly hacked a street camera facing the Weizmann Institute of Science — then hit it with a ballistic missile shortly after
• The scanning used commercial VPN exit nodes (Mullvad, ProtonVPN, Surfshark, NordVPN) combined with rented VPS infrastructure
• Check Point Research attributed the activity to “several Iran-nexus threat actors”

Sergey Shykevich from Check Point: “Hacking cameras has become part of the playbook of military activity. You get direct visibility without using any expensive military means such as satellites, often with better resolution.”

All five have patches available. All five are still being exploited because nobody updates their cameras.

Honestly, CVE-2017-7921 is from 2017. That’s eight years of patches people haven’t applied. At this point it’s less “vulnerability” and more “open invitation.”

The Financial Times reported on March 3 that Israel had been inside Tehran’s traffic camera network for years:

• Nearly all traffic cameras in Tehran were compromised, footage encrypted and sent to servers in Tel Aviv
• IDF’s Unit 8200 used AI algorithms to sift through the feeds and build intelligence profiles
• They found one camera angled to show where Khamenei’s bodyguards parked their cars
• From that, they mapped guard addresses, work schedules, and protection assignments
• They used social network analysis on billions of data points to identify decision-making centers

On February 28, 2026: Israel and the CIA used this intelligence to time a daytime strike with 30 Sparrow missiles on Khamenei’s compound. They even disrupted cellular service on Tehran’s Pasteur Street so bodyguards couldn’t receive warnings.

The CIA also had a human source confirming Khamenei’s location. But the cameras were the backbone.

This isn’t new. Russia wrote the playbook:

• GRU (APT28/Fancy Bear) compromised an estimated 10,000+ cameras across Ukraine and the EU — 80% in Ukraine, 10% in Romania, rest across Poland, Hungary, Slovakia
• Cameras near border crossings, military bases, and rail stations were used to track weapons shipments and troop movements
• During winter 2022-23 missile barrages on Kyiv, Russia hacked surveillance cameras to spy on air defenses and critical infrastructure. Those strikes left 250,000+ people without power
• Ukraine hacked back: In September 2025, Ukrainian forces compromised Russian security camera networks near military bases and discovered a massive Russian buildup

The SBU (Ukraine’s security service) has blocked over 10,000 cameras since the invasion began. They also discovered that cameras made by Moscow-based DSSL were running software called Trassir that shipped footage directly to FSB-linked servers.

Hikvision and Dahua together control 40-60% of the global surveillance camera market.

The cameras cost $50. The missiles they help aim cost millions. Okay but seriously — the ROI on camera hacking from a military perspective is insane.

Most small businesses have 4-20 IP cameras running default credentials on the open internet. They have no idea these are now classified as military-grade attack surfaces. Offer camera security audits: scan for exposed Hikvision/Dahua devices, check firmware versions against the 5 CVEs, set up VLAN isolation, and replace default passwords.

Example: A freelance pentester in Bucharest, Romania started offering “IoT Camera Security Audits” to local businesses after the Russia-Ukraine camera hacking stories broke. Charges €200 per site, does 3-4 per week using Shodan + nmap. Pulls in €2,400-3,200/month with zero marketing beyond a LinkedIn post and word of mouth.

Timeline: Week 1 — build scan toolkit and write report template. Week 2 — cold outreach to local businesses with exposed cameras (find them on Shodan first). Week 3+ — recurring revenue from quarterly re-scans.

Package pre-configured firewall rules (pfSense/OPNsense configs, VLAN setups, Wireguard tunnels) specifically for IP camera networks. Sell as digital downloads or Gumroad products. Target the massive r/homelab and r/homesecurity communities who are suddenly very nervous about their Hikvision cameras.

Example: A network engineer in São Paulo, Brazil created a “Camera Isolation Kit” — a PDF guide + pfSense config bundle — and listed it on Gumroad for $29. Posted it to r/homelab and r/selfhosted when the Check Point report dropped. Sold 140 copies in the first week = $4,060 from a weekend project.

Timeline: Day 1-2 — build and test configs on your own lab. Day 3 — write the guide, create Gumroad listing. Day 4+ — post to relevant subreddits and forums every time a new camera CVE drops (which is roughly every month).

Managed Service Providers (MSPs) handle IT for hundreds of small businesses but rarely audit IoT devices. Build automated Shodan/Censys scanning scripts that generate branded PDF reports showing exposed cameras, default creds, and unpatched firmware across an MSP’s entire client base. Sell as a white-label service.

Example: A cybersecurity student in Kraków, Poland built a Python script that queries Shodan for Hikvision/Dahua devices by IP range, cross-references CVE databases, and spits out a branded PDF. Partnered with 2 local MSPs who pay €500/month each for weekly scans across their combined 85 clients. That’s €1,000/month basically on autopilot.

Timeline: Week 1 — build the scanner + PDF generator (Shodan API + ReportLab). Week 2 — create a sample report and pitch to 5 MSPs. Week 3+ — scale by adding more MSPs and automating delivery.

Create a course specifically about IoT devices as military/espionage attack vectors. This is a niche nobody’s covering well yet. Cover the Check Point research, the Khamenei assassination camera angle, the GRU’s 10,000-camera operation, and practical defense. Sell on Udemy or your own platform.

Example: An ex-military IT contractor in Tallinn, Estonia recorded a 4-hour course called “When Your Camera Becomes a Weapon: IoT in Modern Warfare” and published it on Udemy at $49.99. Got featured in a cybersecurity newsletter. 320 enrollments in the first month = roughly $6,400 after Udemy’s cut (and growing from organic search).

Timeline: Week 1-2 — outline and record. Week 3 — edit and publish. Month 2+ — update with each new incident for evergreen relevance.

Camera installation companies install and forget. They don’t patch firmware. Ever. Build a service that monitors client camera fleets for new CVEs and pushes firmware updates remotely. Charge a monthly per-camera fee. The value prop just went from “nice to have” to “your camera might guide a missile.”

Example: A CCTV installer in Nairobi, Kenya added a “Managed Security” tier to his existing installation business — $2/camera/month for firmware monitoring and quarterly updates. His 40 existing commercial clients average 12 cameras each. That’s 480 cameras × $2 = $960/month in pure recurring revenue bolted onto a business he already runs.

Timeline: Week 1 — set up monitoring (RSS feeds for Hikvision/Dahua security advisories + Shodan alerts). Week 2 — pitch existing clients. Month 2+ — every new CVE is a sales opportunity.