The National Investigation Headquarters of the National Police Agency has arrested four suspects involved in a major IP Camera Hacking case that resulted in the theft and sale of sensitive video footage from more than 120,000 devices. The police said the suspects edited the stolen footage and distributed illegally filmed material and other sexual exploitation material on an overseas website, causing serious privacy violations for victims. Authorities have launched wider investigations into website operators, content buyers, and viewers, while also beginning large-scale victim protection efforts to stop further harm.

IP Camera Hacking Suspects Sold Stolen Video Files

According to police, the four suspects, identified as B, C, D, and E, carried out extensive hacking activities targeting tens of thousands of IP cameras installed in homes and businesses. Many cameras were protected with weak passwords, such as repeated characters or simple number sequences.

• Suspect B hacked around 30,000 cameras, edited the stolen footage into 545 videos, and earned virtual assets worth about 35 million won.
• Suspect C created 648 files from around 70,000 hacked devices, earning about 18 million won.
• Their videos made up 62% of all content uploaded on the illegal overseas website (Site A) in the past year.
• Suspect D hacked about 15,000 cameras and stored child and youth sexual exploitation material.
• Suspect E hacked 136 cameras but did not distribute any content.

Police said that no profits remained at the time of arrest, and the case has been forwarded to the National Tax Service for additional legal action.

Police Investigating Operators, Purchasers, and Viewers of Illegally Filmed Material

The investigation extends to the operator of Site A, which hosted illegally filmed material from victims in several countries. Police are working with foreign investigative agencies to identify and take action against the operator. Individuals who purchased sexually exploitative material, including illegally filmed material, are also under investigation. Three buyers have already been arrested. The police confirmed that viewers of such material will also face legal consequences under the Sexual Violence Punishment Act. To prevent further exposure, police have asked the Broadcasting Media and Communications Deliberation Committee to block access to Site A and are coordinating with international partners to shut down the platform.

Security Measures Issued After Large-Scale IP Camera Hacking Damage

Investigators have directly notified victims through visits, phone calls, and letters, guiding them on how to change passwords and secure their devices. The police are working with the Ministry of Science and ICT and major telecom companies to identify vulnerable IP cameras and inform users quickly. Users are being advised to strengthen passwords, enable two-factor authentication, and keep device software updated. Additionally, the Personal Information Protection Commission is assisting in identifying high-risk cases to prevent further leaks of sensitive videos.

Protection for Victims and Strong Action Against Secondary Harm

Authorities are prioritizing support for victims of illegally filmed material and sexual exploitation material. Victims can receive counseling, assistance with deleting harmful content, and help blocking its spread through the Digital Sex Crime Victim Support Center. Police stressed that strict action will also be taken against individuals who repost, share, or store such material. Park Woo-hyun, Cyber Investigation Director at the National Police Agency, emphasized the seriousness of these crimes, stating: “IP Camera Hacking and sexually exploitative material, including illegally filmed content, cause enormous pain to victims, and we will actively work to eradicate these crimes through strong investigation.” He added, “Illegal filming videos — including possessing them — is a serious crime, and we will investigate such acts firmly and without hesitation.”

The Government of Kenya cyberattack on Monday morning left several ministry websites defaced with racist and white supremacist messages, disrupting access for hours and prompting an urgent response from national cybersecurity teams. The cyberattack on Government of Kenya targeted multiple high-profile platforms, raising new concerns about the security of public-sector digital infrastructure. According to officials, the Government of Kenya cyberattack affected websites belonging to the ministries of Interior, Health, Education, Energy, Labour, and Water. Users attempting to access the pages were met with extremist messages including “We will rise again,” “White power worldwide,” and “14:88 Heil Hitler.”

Government of Kenya Cyberattack Under Investigation

The Interior Ministry confirmed the Government of Kenya cyberattack, stating that a group identifying itself as “PCP@Kenya” is suspected to be behind the intrusion. Several government websites were rendered temporarily inaccessible while national teams worked to secure affected systems. “Preliminary investigations indicate that the attack is suspected to have been carried out by a group identifying itself as 'PCP@Kenya',” the ministry said. “Following the incident, we immediately activated our incident response and recovery procedures, working closely with relevant stakeholders to mitigate the impact and restore access to the affected platforms.” [caption id="attachment_106846" align="aligncenter" width="533"] Source: X[/caption] Officials confirmed that the situation has since been contained, with systems placed under continuous monitoring to prevent further disruption. Citizens have been encouraged to reach out to the National KE-CIRT if they have information relevant to the breach.

Regional Cyber Issues Reported Within 24 Hours

The Kenyan incident took place just a day after Somalia reported a cyberattack on its Immigration and Citizenship Agency. Somali officials said they detected a breach involving data from individuals who had entered the country using its e-Visa system. Early findings suggest that leaked data may include names, dates of birth, photos, marital status, email addresses, and home addresses. Authorities are now assessing how many people were affected and how attackers gained access to the system. The U.S. Embassy in Somalia referenced claims from November 11, when hackers alleged they had infiltrated the e-visa system and accessed information belonging to at least 35,000 applicants — potentially including U.S. citizens. “While Embassy Mogadishu is unable to confirm whether an individual’s data is part of the breach, individuals who have applied for a Somali e-visa may be affected,” the embassy said. [caption id="attachment_106848" align="aligncenter" width="377"] Source: X[/caption]

No Claim of Responsibility So Far

As of Monday afternoon, no threat group has formally claimed responsibility for either the Kenya or Somalia cyber incidents. Investigators are assessing whether the timing suggests any form of coordination or shared exploitation methods. For now, authorities emphasize that sensitive financial information, core government systems, and essential services in Kenya were not impacted. The cyberattack on Government of Kenya appears to have been limited to public-facing platforms.