You have a problem. Have you ever heard about IP cameras with remotely exploitable vulnerabilities? That's what you have and now they are most likely part of someone's botnet. I can't say that for sure, but I could send you some pictures from your factory that you'd recognize.
So your cameras are vulnerable, this part is for sure.
I don't know what else you have in this network, but if it's just cameras, I suggest to define a list of trusted addresses for outside access (if you need it):
/ip firewall address-list
add address=<IP address 1> list=Trusted
add address=<IP address 2> list=Trusted
And then only allow those and block everything else, i.e. connections from internet to cameras from other addresses, and connections from cameras to internet:
/ip firewall filter
add action=accept chain=forward comment="allow established and related connections" connection-state=established,related
add action=drop chain=forward comment="drop invalid packets" connection-state=invalid
add action=accept chain=forward comment="allow acces to cameras from trusted addresses" dst-address=103.239.5.32/27 \
src-address-list=Trusted
add action=drop chain=forward comment="block everything else" disabled=yes
Restart router to make sure that no already established connections stay open. If you have something else that should be allowed in or out, add needed rules before the last drop rule. It's intentionally disabled, enable it when you're sure that you have everything set correctly.
All this is just quick hotfix, next step is to really fix cameras, i.e. find new firmware for them (if it exists), upgrade them all and change password for all, because you can't know how many unauthorized people have it already.
And don't forget to also upgrade your router, because it's vulnerable too.