Russian spies hunt targets via exposed European cameras: 87,000 found vulnerable
Decade-old flaws can still provide Russian intelligence with many eyes in Europe.

Image by Cybernews.
- Russian state hackers are exploiting exposed European IP cameras for military intelligence gathering.
- Researchers identified at least 87,000 cameras in Europe that are vulnerable to known security exploits.
- Authorities recommend disabling UPnP, utilizing VPNs for remote access, and enabling multi-factor authentication to secure devices.
Russian state spies are hacking European security cameras and using automated image recognition software to hunt for targets, Dutch intelligence agencies warn. Internet scanning firm Censys flagged at least 87,000 vulnerable cameras, out of over a million more that are exposed on the internet.
Dutch intelligence agencies alert that Russian state actors are actively and systematically compromising IP cameras in Europe for military purposes.
They use image recognition software to gather relevant military data, such as cargo transports, transport routes, weapon deliveries to Ukraine, and potential locations of military personnel.
“Russian service is using the access to IP cameras to acquire relevant military intelligence in EU and NATO member states, including information that is not directly relevant to the war in Ukraine,” reads the advisory by the Netherlands General Intelligence and Security Service (AIVD) and the Netherlands Military Intelligence and Security Service (MIVD).
In Ukraine, the data derived from hacked cameras has reportedly already been used in attempts to neutralize Ukrainian military personnel and destroy their assets.
While no actual military attacks outside Ukraine have been observed, Dutch services alert that Russian spies are capable of acquiring relevant intelligence from IP cameras and “that the same tactics could possibly be implemented by Russian military units in a future conflict.”
Stay updated with our latest stories and follow us on social media
Be the first to discover new stories, ideas, and updates from our team.
The doors left wide open
The Censys report follows the Dutch intelligence warning and reveals that Europe has over one million exposed cameras accessible on the internet.
Most of the exposed cameras – 113,962 – were found in the UK, followed by Italy (99,203), Spain (81,371), Turkey (81,148), France (68,317), Bulgaria (67,277), Germany (65,539), and Romania (64,789).
In war-torn Ukraine, over 60,000 exposed cameras were found. In the Netherlands, there are more than 45,000 exposed cameras.
“Having a camera publicly accessible doesn’t make it hackable. But almost 2,000 of the hosts running those cameras appear to contain an unpatched vulnerability that is known to have been exploited in the wild,” Censys notes.
On average, one in 12 exposed cameras in Europe runs on a device with a known security flaw. The figure of 87,000 exploitable cameras is a lower-bound estimate, according to the report. Many more cameras might be vulnerable to yet-unknown zero-day bugs or simply broken into with weak or stolen passwords.
Thousands of exposed cameras are running services with critical flaws reported 5-10 years ago, however, many of the other potential weaknesses might not be immediately visible to outside scanners.
Russian intelligence has access to similar scans.
“Once an IP camera has been identified, the malicious actor can attempt to gain access to the IP camera via the internet. This is often a relatively simple process, since many IP cameras that are connected to the internet lack adequate security measures. For example, they often have default passwords, obsolete firmware, and factory configurations,” the Dutch cybersecurity advisory reads.
Authorities urge to secure the IP cameras
Many cameras end up visible on the open internet after they expose themselves via UPnP (Universal Plug and Play). This decades-old protocol requires no authentication – the camera just asks the UPnP-enabled router to enable port forwarding and open a specific port.
Dutch authorities urge users to avoid using this functionality and disable UPnP on the IP camera. It’s best to keep all cameras that aren't publicly accessible on the internet unless they're essential.
“Configure the local network to allow for the use of a Virtual Private Network (VPN) connection to establish remote access to the local network via the internet. The IP camera can then be accessed via the VPN connection,” the advisory reads.
“Disable any protocols that are not required for the use of the IP camera, for example, SSH, Bonjour, FTP, UPnP, and Telnet. If possible, use only secured protocols such as HTTPS and RTSPS.”
Check if your data has been leaked
The device itself should be hardened using strong, unique passwords and multi-factor authentication for all access to the camera streams. Cameras should be isolated within a dedicated virtual network (VLAN) with appropriate access controls.
When choosing a device, be wary of unknown brands, choose an IP camera with several years of security support, and periodically check for updates. The advisory also urges consumers to consider a camera’s country of origin, citing offensive cyber programs in China, Russia, and Iran.
Even with all the best cybersecurity practices applied, the intelligence agencies recommend limiting the field of vision of the IP cameras to their intended use only, keeping other irrelevant objects out of view, avoiding logistical flows or public infrastructure, masking sensitive zones, and limiting details, such as GPS location, in the streams.