The Weaponization Of Surveillance For Cyber-Kinetic Warfare
Cyber and kinetic warfare have merged into a new phase. Internet-connected devices, especially IP cameras, are now both intelligence assets and strategic risks. Recent events in the 2026 Middle East conflict show how compromised surveillance, coordinated cyberattacks, and DDoS campaigns are changing modern warfare. Multiple threat intelligence reports confirm cyber operations are now central to military strategy, not just supporting actions.
Internet-connected cameras define modern urban spaces, with billions worldwide. Their spread has created a vast, often weakly secured attack surface. In war, these cameras can turn from harmless tools into potent intelligence systems for adversaries.
Recent investigations found that compromised cameras were used to support high-profile military targeting. Intelligence actors accessed thousands of video feeds to track movements, spot patterns, and support targeted strikes.
This vulnerability is severe. Many cameras remain exposed due to weak authentication, outdated firmware, or poor configuration. Researchers have shown that millions can be accessed remotely with little effort. This turns the world's surveillance network into an open intelligence platform.
This dynamic creates a paradox: systems deployed to enhance security and control can, in turn, expose critical assets. As one analyst noted, the very infrastructure designed to monitor populations may provide adversaries with unprecedented visibility into sensitive environments.
Threat intelligence research by Checkpoint has documented a sharp increase in the targeting of IP cameras during active conflict periods. Beginning in late February 2026, Iranian-linked actors intensified efforts to exploit cameras across multiple countries, including Israel and several Gulf states.
These actions seem tied to military activity. Places experiencing missile strikes or higher military tension also saw more camera exploitation. This suggests a planned effort to improve situational awareness and damage checks.
The operational advantages of such access are significant:
- Real-time monitoring of troop movements and civilian activity
- Verification of strike effectiveness and damage assessment
- Identification of high-value targets and infrastructure
- Enhanced reconnaissance without deploying physical assets
Thus, by leveraging existing surveillance infrastructure, threat actors minimize the need for traditional reconnaissance, reducing operational risk and increasing intelligence precision.
The Rise of Cyber-Kinetic Warfare Doctrine
Events in 2026 show a major shift to combined cyber-kinetic operations. Cyberattacks are no longer seen as separate. State actors now sync digital and physical actions to reach goals.
Military campaigns now use cyber elements to disrupt communications and weaken defenses. These actions often happen before or during kinetic strikes. Targeted cyberattacks have disrupted command systems, sensor networks, and public infrastructure, creating confusion and weakening responses.
This shows a model of multi-domain war, where cyber, electronic, and psychological operations run alongside traditional force. Analysts call this a major change in how wars are fought. Digital tools now act as force multipliers in all areas.
Cyber operations are also used offensively in active battles. For instance, spyware campaigns have lined up with missile attacks. These targeted civilians and collected real-time data.
In parallel with surveillance exploitation, Iranian-linked threat actors have increasingly relied on large-scale DDoS campaigns, according to research published by Greynoise. These attacks are designed to overwhelm networks, disrupt services, and create widespread operational friction.
Research shows Iranian cyber units and partners have used DDoS attacks. Their targets include hosting providers and critical systems as part of their larger response plan.
The objectives of these campaigns extend beyond immediate disruption. By targeting telecommunications providers, financial systems, and online services, attackers aim to:
- Degrade public trust in digital infrastructure
- Divert defensive resources away from critical operations
- Create confusion during periods of military escalation
- Amplify the psychological impact of kinetic attacks
In some cases, these efforts have scaled into massive botnet-driven operations that leverage compromised devices, including IoT systems such as cameras, to generate attack traffic. This reinforces the dual role of insecure devices as both intelligence sources and attack platforms.
Hacktivist groups with state ties are active on the cyber side of the conflict. Over 60 such groups have been seen attacking, defacing websites, phishing, and launching DDoS attacks.
Most of these attacks are not sophisticated, but together they have a big effect. High-volume, low-impact attacks can tire defenders, create noise, and hide bigger threats.
Decentralized cyber operations bring new problems for tracking and response. States can use proxy groups to maintain deniability while expanding their reach.
Artificial intelligence is now key to cyber-kinetic operations. For surveillance, AI quickly reviews large volumes of video, identifying patterns and extracting actionable intelligence at scale.
This makes compromised camera networks more valuable. Analysts don't need to watch footage by hand. Automated tools can detect movement, identify people, and match data across multiple sources.
AI is also used to create fake media and sway public views. As these tools evolve, they'll become part of military and intelligence work, blurring the border between cyber and physical warfare.
In conclusion, the integration of cyber capabilities with kinetic operations has transformed the battlefield, with IP cameras and other connected devices playing a central role in intelligence gathering and attack execution.
Technology, once considered peripheral, is now central to military planning. As conflicts change, digital infrastructure security will be as vital as traditional defenses. Organizations that ignore this new reality risk becoming part of future cyber-kinetic battles.
Share:
Facebook
X.com
LinkedIn
Copy Link
Karolis Liucveikis
Experienced software engineer, passionate about behavioral analysis of malicious apps
Author and general operator of PCrisk's News and Removal Guides section. Co-researcher working alongside Tomas to discover the latest threats and global trends in the cyber security world. Karolis has experience of over 8 years working in this branch. He attended Kaunas University of Technology and graduated with a degree in Software Development in 2017. Extremely passionate about technical aspects and behavior of various malicious applications.
PCrisk security portal is brought by a company RCS LT.
Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.
Our malware removal guides are free. However, if you want to support us you can send us a donation.
DonatePCrisk security portal is brought by a company RCS LT.
Joined forces of security researchers help educate computer users about the latest online security threats. More information about the company RCS LT.
Our malware removal guides are free. However, if you want to support us you can send us a donation.
Donate
▼ Show Discussion