BRUSSELS July 11, 2026 — Dutch intelligence agencies have revealed that Russian hackers gained access to internet-connected cameras, including doorbell cameras, positioned along military transport routes used by NATO countries to deliver weapons to Ukraine.
According to a joint investigation by the Netherlands’ General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD), Kremlin-linked hackers targeted IP cameras overlooking roads and routes used for transporting military aid. The operation aimed to monitor and identify specific weapons shipments heading to Kyiv.
The agencies described the activity as a “large-scale Russian operation” that affected European NATO member states, including the Netherlands, as well as Ukraine itself.
Hackers reportedly used readily available scanning tools and apps to identify vulnerable internet-connected cameras. Many of these devices — often cheap IP cameras, including popular doorbell systems — were left exposed due to:
- Default or weak passwords
- Outdated firmware
- Standard factory configurations
Once accessed, the cameras provided real-time visual intelligence on military convoys and logistics without the need for drones or satellites. Organizations operating such cameras along the affected routes have been warned by Dutch authorities to secure their systems.
This type of low-cost surveillance through civilian infrastructure has become increasingly common in modern conflicts. Similar tactics have been reported on both sides of the Russia-Ukraine war and in other theaters, where hacked cameras offer ground-level perspectives that are difficult to obtain through aerial means and often go unnoticed by device owners.
The Dutch findings were first highlighted in reporting by The Telegraph and subsequently covered by multiple international outlets.
As of the latest reports, there has been no immediate public comment from Russian authorities on the allegations.
Dutch officials have urged owners and operators of internet-connected cameras near sensitive infrastructure to change default passwords, update firmware, and improve network security to prevent similar compromises.
This incident underscores the growing role of cyber-enabled intelligence gathering in the ongoing conflict and the vulnerabilities posed by the widespread adoption of affordable connected devices.
