UK networks hit by 67 million attacks targeting Hikvision cameras

A decade-old bug in Hikvision’s internet-connected cameras generated more than 67 million attack attempts against UK companies last year, proving that old exploits are still a gift to hackers if they remain unpatched and network-connected.
The data on the China-manufactured cameras, which comes from a new global study by firewall vendor SonicWall, marks the bug out as the single most exploited flaw in intrusion attempts seen across British networks.
The findings are based on network-perimeter detections – threats identified and blocked by SonicWall firewalls at the point of delivery.
The company says the numbers highlight a growing “Zombie Tech” crisis, where unsupported or unpatched legacy devices remain exposed years after vulnerabilities are publicly disclosed.
Hikvision exploit dominated UK IPS traffic
According to SonicWall, it detected more than 67 million attempted cyberattacks targeting Hikvision cameras across UK networks in 2025, most of which were automatically blocked.
The company says this made it the country’s most common serious intrusion prevention system (IPS) alert, accounting for 20% of all medium- and high-severity IPS events recorded by the company.
A command injection flaw in the internet-connected camera allows attackers to remotely send malicious commands, potentially enabling device takeover, surveillance compromise, or use in wider botnet campaigns.
Hikvision is the world’s largest supplier of CCTV and video surveillance equipment by both revenue and shipment volume in recent years, meaning vulnerable devices can remain widespread across homes, offices, warehouses, and public infrastructure.
The cameras already face restrictions and bans in jurisdictions such as the US, the UK, India, Canada, and the EU, largely due to national security, espionage fears, and human rights concerns.
Bans often focus on government, military, or sensitive sites, rather than complete nationwide consumer bans.
Earlier research from security company Fortinet warned that attackers continue exploiting legacy IoT flaws years after disclosure, including the widely abused CVE-2021-36260 affecting Hikvision cameras.
Old flaws delivering new results
Alongside Hikvision, SonicWall also warns that attackers are actively scanning for vulnerabilities in everyday networking devices, such as routers.
The firm recorded 602,000 attack attempts targeting TP-Link AX21 devices across 1,907 firewalls, suggesting consumer and prosumer networking gear is also being actively scanned and exploited.
“We’re seeing millions of attacks tied to a single long-known vulnerability, alongside continued exploitation of issues first disclosed more than a decade ago,” said Spencer Starkey, SonicWall’s executive VP, EMEA.
“Threats are becoming more sophisticated at the top end, while remaining highly exploitable at the base, and organizations must address both.”
SonicWall urged firms to immediately reduce IoT exposure by:
- Applying available firmware and security patches
- Segmenting surveillance and IoT devices from core business networks
- Disabling UPnP where unnecessary
- Replacing unsupported legacy hardware
- Restricting remote access to cameras and routers