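Cameras have not replaced satellites or drones; they have joined them as a new operational "observation window." Check Point research shows hundreds of attempts to compromise civilian cameras in the Middle East, mainly linked to suspected Iranian state-backed actors and centered on potential strike targets such as Israel, Qatar, and Cyprus. The timing of the attacks clearly tracked developments in the Middle East: they were most concentrated on 28 February and 1 March 2026 (the start of the U.S.-Israeli airstrikes on Iran), with earlier attempts in mid-to-late January (the period of protests in Iran and operational preparation). The research notes that five Hikvision/Dahua vulnerabilities were exploited; they are neither complex nor technically demanding, yet were discovered as early as 2017 and still commonly remain on devices after updates. The attackers are mainly attributed to groups linked to Iranian intelligence services, such as Handala. Check Point also blocked further attempts inside Israel itself, which means the observed scope (especially given networks without detection equipment) may significantly underestimate the true scale.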
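Nor did this kind of "low-cost remote reconnaissance" first appear in the Israel-Iran conflict. Last month, Israel, working with the CIA, gained access to "nearly all" of Tehran's city traffic cameras, using them to track the security routines around Ali Khamenei and to support his assassination. Israel's cybersecurity chief Yossi Karadi had warned that Iranian hackers were already observing targets through civilian cameras during the previous 12-day conflict. Check Point data shows that the February/March attack paths covered Bahrain, Cyprus, Kuwait, Lebanon, Qatar, and the United Arab Emirates, indicating that this is not a single-theater technique but a geopolitically linked, continually evolving chain of tactics. If compromised systems are not patched promptly, the missing camera updates keep the risk alive over the long term. The value of these systems' "visual range" is often described as obtaining "direct visibility" at low cost, with reconnaissance gains spanning hundreds of thousands of miles (about 160,000+ km).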
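The Russia-Ukraine conflict has further amplified this trend. Ukraine says Russian forces compromised at least 2 public cameras in Kyiv to observe facilities and air-defense positions; Kyiv's intelligence service says it briefly blocked about 10,000 internet-connected cameras to prevent abuse. Meanwhile, the Ukrainian side has used hijacked feeds in the other direction to monitor Russian forces and track the movement of materiel across the Kerch Bridge, and footage apparently originating from a street camera appeared in an underwater drone strike. Military analyst Peter W. Singer and security expert Beau Woods both note that the method is cheap, covert, offers close-to-the-ground angles, is inexpensive to replace, and readily closes the loop on "post-strike assessment." Responsibility, however, is unclear: device manufacturers and owners mostly bear no liability for the direct harm, and the eventual victims often cannot prevent the devices from being "borrowed" by an adversary as part of pre- and post-strike reconnaissance, which is also a key risk point in the long-term extension of the "kill chain."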
Recent Check Point telemetry shows hundreds of attempts to hijack consumer-grade cameras in the Middle East, mainly attributed to Iranian-aligned actors, aimed at potential strike targets including Israel, Qatar, and Cyprus. Attempts clustered tightly around major kinetic operations: especially 28 February and 1 March 2026, when U.S.-Israel airstrikes across Iran began, with additional attempts in mid-January during protests and operational preparation. The campaign focused on five Hikvision and Dahua vulnerabilities—none technically sophisticated, all previously known, and one discovered as early as 2017. Check Point linked activity to three groups, including infrastructure associated with the Handala cluster, and detected many blocked attempts inside Israel, suggesting the observed volume underrepresents broader activity outside its monitored networks.
The method is not unique to this escalation cycle. Israeli reporting and U.S. cooperation described near-total access to Tehran traffic cameras before the strike on Supreme Leader Ali Khamenei, using live feeds to map guard routines and assist targeting; Yossi Karadi had earlier warned this was already occurring during the prior 12-day war phase in June. Check Point also observed attempts across Bahrain, Cyprus, Kuwait, Lebanon, Qatar, and the United Arab Emirates, reinforcing that this technique is regional and multi-actor rather than isolated. These cameras provide a low-cost reconnaissance channel: “direct visibility” without expensive military platforms, and with effective ranges measured in hundreds of thousands of miles (about 160,000+ km), making them strategically attractive despite their age.
In Ukraine, officials reported Russian forces used at least two hacked Kyiv cameras in January 2024 to support strike preparation, prompting the SBU to disable around 10,000 connected cameras. Ukraine appears to have adopted the same paradigm by exploiting compromised feeds to monitor Russian activity, including materiel movement across the Kerch Bridge and footage resembling a hacked camera angle during an underwater drone strike. Analysts such as Peter W. Singer and security researchers like Beau Woods describe this as inexpensive, scalable, and less detectable than drones: it gives ground-level angles, low-cost repeatable reconnaissance, and post-strike damage assessment. Yet accountability remains unresolved because neither camera owners nor manufacturers are usually the operational victim, while hijacked devices still become part of an adversary’s targeting and “kill chain.”