Russian Intelligence Compromises European Cameras for NATO and Ukraine Espionage
Dutch intelligence agencies have revealed a widespread Russian cyber-espionage campaign targeting internet-connected cameras across Europe and Ukraine to gather intelligence on NATO logistics and Ukrainian troops.

Russian state-backed hackers are systematically compromising internet-connected security cameras across Europe and Ukraine to gather intelligence on NATO military logistics and identify Ukrainian troops for battlefield targeting, Dutch intelligence agencies warned.
In a public advisory, the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD) stated that at least one Russian intelligence service has been carrying out cyber-espionage operations against internet-accessible cameras in the Netherlands, other NATO and EU member states, and Ukraine. The primary objective is to collect intelligence of military value, including activity on military transport routes and weapons shipments destined for Ukraine. In Ukraine, the agencies reported, hacked cameras have been used to locate Ukrainian military personnel, with the gathered intelligence subsequently supporting efforts to target soldiers and destroy equipment.
The Dutch agencies also identified a small number of compromised cameras positioned along military logistics routes within the Netherlands as part of this broader operation. "As a key transit country, the Netherlands is an important espionage target due to its geographic location and its support for Ukraine," the advisory noted.
According to the advisory, attackers scan the internet for exposed devices, identify IP cameras based on manufacturer information, and exploit weak security measures such as default passwords, outdated firmware, and default configurations. The hackers then employ automated image-recognition software to analyze video feeds, enabling them to identify military vehicles and their cargo.
Beyond the conflict in Ukraine, the Dutch intelligence services assess that Russia is also leveraging these compromised cameras to collect militarily relevant intelligence within NATO and EU countries, even when unrelated to the current war. While they have not observed Moscow using such information to support military attacks outside Ukraine, the campaign "demonstrates Russia's ability to collect operational intelligence that could be used in a future conflict."
The advisory highlighted that "the number of cyber espionage operations conducted by Russian state actors in support of military operations has steadily increased since the beginning of the war against Ukraine."
To mitigate these risks, the advisory urged organizations operating internet-connected cameras to enhance their security by changing default credentials, ensuring firmware is kept up to date, and reviewing device configurations. It also recommended that organizations consider the country of origin of their cameras, noting that "Countries including China, Russia, and Iran actively conduct offensive cyber programs targeting Dutch interests."
This campaign underscores the persistent threat posed by state-sponsored actors utilizing readily available Internet of Things (IoT) devices for espionage, highlighting the need for robust cybersecurity practices across all connected devices, especially those in critical infrastructure and military-adjacent environments.