A long-known vulnerability in internet-connected Hikvision cameras was responsible for more than 67 million cyberattack attempts targeting UK networks in 2025, according to data released by cybersecurity firm SonicWall.
The attacks were detected through network perimeter monitoring, where SonicWall firewalls identified and blocked malicious activity before it reached internal systems. The company stated that the Hikvision-related exploit accounted for around 20% of all medium and high-severity intrusion prevention alerts recorded across UK networks.
The vulnerability, first disclosed several years ago, affects widely deployed IP camera devices and allows remote command execution. This means attackers can send malicious instructions to a device, potentially enabling unauthorised access, system control, or use of the device in a broader attack infrastructure.
Researchers said the continued exploitation of this flaw reflects the persistence of unpatched or unsupported devices in active environments. SonicWall described this as part of a “zombie tech” issue, where outdated hardware remains connected to networks despite known security risks.
Hikvision cameras are widely used across residential, commercial, and public sector environments, including offices, warehouses, and infrastructure systems. Their scale of deployment increases the potential exposure when vulnerabilities are not addressed through updates or replacement.
The data forms part of a broader analysis of cyber threats in the United Kingdom. SonicWall reported that while the total number of ransomware attacks declined during the same period, the number of successful compromises increased. This shift was attributed to more targeted attack methods rather than high-volume automated campaigns.
In addition to camera devices, the report identified ongoing scanning activity targeting other network-connected hardware, including consumer routers. For example, SonicWall recorded more than 600,000 attack attempts against a specific router model across a subset of monitored firewalls.
Security researchers stated that many of these attacks rely on vulnerabilities that have been publicly known for years. The continued activity indicates that attackers are able to identify and exploit systems that have not been patched or properly secured.
The findings are based on telemetry collected from firewall deployments, which capture attempted intrusions at the network edge. These detections include automated scanning, exploit attempts, and other malicious traffic directed at exposed devices.
No specific organisations affected by the Hikvision-related attacks were identified in the data. SonicWall did not disclose whether any of the detected attempts resulted in confirmed breaches.