Security News

Cybersecurity news aggregator

CRITICAL Attacks Dark Reading

Iran's Cyber-Kinetic War Doctrine Takes Shape

Iranian threat actors are exploiting critical authentication and command injection vulnerabilities (CVE-2017-7921 CVSS 9.8, CVE-2021-36260 CVSS 9.8, CVE-2023-6895 CVSS 6.3) in Hikvision IP cameras to gain control for operational planning and battle damage assessment of kinetic missile strikes. For Hikvision Intercom Broadcast System, affected versions are 3.0.3 through 4.0.x, and the fixed version is 4.1.0. This activity demonstrates Iran's formalized cyber-kinetic war doctrine, using compromised cameras as an early indicator of potential physical attacks.

Iran has been hacking IP cameras to plan missile strikes against its enemies, and mounting other attacks on physical assets, showing how cyber and kinetic warfare are fast becoming one and the same.

Alexander Culafi, Senior News Writer, Dark Reading
March 6, 2026

Following the US and Israeli attack on Iran on Feb. 28, Iran has unified cyber and kinetic attacks into a single doctrine.

Check Point Research on March 4 published research identifying intensified targeting of IP cameras from two manufacturers, attributed to Iranian threat actors. The attacks began Feb. 28, the day US and Israel missile strikes began. Researchers said the activity "extends across Israel, Qatar, Bahrain, Kuwait, the UAE, and Cyprus — countries that have also experienced significant missile activity linked to Iran."

The hacking occurring before the US/Israel attacks (IP camera targeting of Israel and Qatar in mid-January, apparently in expectation of a US strike) and after (IP camera targeting of specific areas in Lebanon) led Check Point Research to assess that Iran leverages camera compromise for operational support and battle damage assessment as it relates to missile launches.

"As a result, tracking camera-targeting activity from specific, attributed infrastructures may serve as an early indicator of potential follow-on kinetic activity," the research read.

The actors are apparently targeting popular Hikvision and Dahua cameras with a number of authentication and command-related vulnerabilities.
The bugs they use include CVE-2017-7921, CVE-2021-36260, and CVE-2023-6895 for Hikvision; and CVE-2025-34067 and CVE-2021-33044 in the case of Dahua. Patches for all vulnerabilities are available now.

Iran has a history of utilizing cameras to facilitate military action. "We observed similar targeting patterns during the 12-day war between Israel and Iran in June 2025, likely to support battle damage assessment and/or targeting correction," according to Check Point. "One of the best-known cases occurred when Iran struck Israel’s Weizmann Institute of Science with a ballistic missile and had reportedly taken control of a street camera facing the building just prior to the hit."

Given the targeting of IP cameras last year and on an even wider basis now, Sergey Shykevich, threat intelligence group manager at Check Point Research, says the use of camera targeting to facilitate missile strikes "is part of Iranian war doctrine."

Iran's Ongoing Cyber Activity

It's worth noting this is not the only cyber activity Iran has conducted as part of its ongoing retaliation. In an email, Flashpoint shared research with Dark Reading highlighting ongoing targeting of industrial control systems (ICS) in Israel and other countries; logistics sabotage (pro-Iranian actors reportedly breached the Jordan Silos and Supply General Company via phishing); and government entity targeting with DDoS attacks in places like UAE and Bahrain. That's in addition to other activity Flashpoint has tracked in recent days, including ongoing propaganda campaigns and missile strikes against data centers.

Adam Meyers, CrowdStrike's senior vice president of counter-adversary operations, says that as Tehran focuses on its kinetic response, "CrowdStrike has observed muted IRGC-linked retaliatory cyberattacks, which are limited in scope."
The company has, however, seen a surge in pro-Iranian Russian hacktivism, including attacks targeting ICS, SCADA systems, and CCTV networks belonging to US-based entities.

"The timing of these unverified claims, coinciding with Operation Epic Fury, suggests [Iran's allies] likely began prioritizing US entities as targets," Meyers writes. "Western organizations should continue to remain on high alert for potential cyber-response as the conflict continues, and activity may move beyond hacktivism and into destructive operations."

Iran's Cyber-Kinetic Battlespace: Familiar, Yet Different

Although the use of cyberattacks in kinetic warfare is far from new in its own right (look to Russia's relentless targeting of industrial infrastructure as part of its invasion of Ukraine), Iran's activity represents a near total blend of the two.

Shykevich says that although there are several examples of the cyber-to-kinetic attack path during the Russia-Ukraine war, "it is not something very common, or at least not frequently publicly documented."

Alexander Leslie, senior advisor at Recorded Future, tells Dark Reading that from a strategic standpoint, cyber remains one of Iran's most scalable military options, especially as conventional operations are constrained.

"This is not a traditional linear conflict," Leslie says. "It is an integrated campaign in which kinetic operations, cyber effects, psychological operations, and economic coercion are sequenced. If you’re looking for a single decisive battlefield moment, you’ll miss the point. The strategy is to impose costs across domains, stretch air defenses, spike shipping and insurance risk, exploit cyber vulnerabilities, and flood the information environment so decisionmakers move before verification."
Kathryn Raines, cyber threat intelligence team lead for the National Security Solutions team at Flashpoint, tells Dark Reading that there's no doubt in her mind that "what we’re seeing in the Middle East right now isn’t an anomaly — it’s the new blueprint for modern warfare."

She adds, "We are firmly in the era of hybrid tactics, where traditional boundaries have completely collapsed. Cyber operations offer a low-cost, high-impact way to shape the physical battlespace, not to mention there’s an extremely low barrier to entry for hacktivists and other proxies wanting to get involved."

So, "things like hacking IP cameras for real-time battle-damage assessment or breaching a power grid to blind an adversary's air defenses just minutes before a missile barrage will become standard operating procedure."

About the Author

Alexander Culafi, Senior News Writer, Dark Reading

Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere. In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels.