67 million cyberattacks target Hikvision cameras in UK, exposing legacy security risks

A long-standing vulnerability in Hikvision internet-connected cameras triggered more than 67 million cyberattack attempts against UK organizations in 2025, highlighting the persistent risk posed by unpatched legacy devices still connected to active networks.

The activity, identified through network-perimeter detections, represents the most frequently exploited intrusion attempt across British networks during the year. The attacks were intercepted and blocked at the firewall level, preventing compromise but underscoring the scale of ongoing exploitation tied to older vulnerabilities.

Hikvision, a China-based manufacturer and the world’s largest supplier of CCTV and video surveillance equipment by revenue and shipment volume, has a significant global footprint across residential, commercial, and public-sector environments. The widespread deployment of its devices has contributed to the continued exposure of vulnerable systems years after critical flaws were disclosed.

The vulnerability at the center of the attacks is a command injection flaw that allows remote execution of malicious commands on affected cameras. Successful exploitation could enable attackers to take control of devices, compromise surveillance systems, or incorporate them into botnet operations for broader cyber campaigns.

The volume of activity associated with this flaw accounted for 20% of all medium- and high-severity intrusion prevention system alerts recorded across monitored UK networks, making it the single most common serious threat detected.

Security researchers have identified the issue as part of a broader pattern in which outdated or unsupported internet-connected devices remain active and exposed long after security updates are released. This growing trend has been characterized as a “Zombie Tech” problem, where legacy hardware continues to operate without adequate protection.

The Hikvision vulnerability, widely tracked in cybersecurity circles, has remained a frequent target despite being publicly disclosed years ago. Continued exploitation reflects both the longevity of deployed devices and gaps in patch management across organizations.

Similar patterns have been observed in other segments of network infrastructure. Attackers are also actively targeting consumer and prosumer networking equipment, including routers. Data shows more than 602,000 attack attempts aimed at TP-Link AX21 devices across nearly 2,000 monitored firewalls, indicating sustained scanning and exploitation efforts against commonly used hardware.

Hikvision products have faced restrictions and bans in multiple regions, including the United States, the United Kingdom, India, Canada, and the European Union. These measures typically apply to government, military, and other sensitive environments, driven by concerns related to national security, potential espionage risks, and human rights considerations, rather than comprehensive consumer-level prohibitions.