The targeting of CCTV cameras for intelligence gathering in support of military operations is not unique to Iran. In May 2024, intelligence agencies from the US and multiple NATO countries warned in a joint advisory that Russia’s military intelligence agency, the GRU, hacked into cameras at key locations, such as near border crossings, military installations, and rail stations, in Ukraine and neighboring countries. The goal was to track the movement of materials into Ukraine as part of aid shipments.
“For the cybersecurity community, this research serves as both a warning and a call to action,” Amazon’s Moses said. “Defenders must adapt their strategies to address threats that span both digital and physical domains. Organizations that historically believed they weren’t of interest to threat actors could now be targeted for tactical intelligence.”
Amazon suggests organizations should expand their threat modeling to consider how their compromised IT systems could be used to support physical attacks, especially the operators of critical infrastructure, maritime systems, urban surveillance networks, and other data sources that could be used to aid targeting in kinetic operations. The company has coined the term “cyber-enabled kinetic targeting” for cyber operations whose goal is to facilitate and enhance kinetic military operations.